Home >Web Front-end >JS Tutorial >How to Solve 'SecurityError: Blocked a frame with origin from accessing a cross-origin frame'?
Same-origin policy, a critical security measure, prevents scripts from accessing frames with differing origins (protocol, hostname, or port). This error arises when attempting to access elements within an iframe with a non-matching origin.
Direct JavaScript access is prohibited by the same-origin policy. However, if you control both pages, consider window.postMessage for cross-domain communication:
Main Page:
frame.contentWindow.postMessage(data, 'https://second-site.example');
Iframe Page:
window.addEventListener('message', event => { if (event.origin === 'https://first-site.example') console.log(event.data); });
In exceptional cases, you may need to disable the policy. However, it's strongly advised against due to security concerns.
For some browsers, disabling instructions can be found here:
Remember, disabling same-origin policy affects only your browser and poses significant security risks.
The above is the detailed content of How to Solve 'SecurityError: Blocked a frame with origin from accessing a cross-origin frame'?. For more information, please follow other related articles on the PHP Chinese website!