天道酬勤,学无止境

Blocked iframe due to mismatch protocols

问题

我正在尝试在按钮click事件上将值从父窗口发送到我的框架,但它在控制台上显示错误

未捕获的安全错误:阻止了来源为“http://localhost:53838”的框架访问来源为“null”的框架。 请求访问的帧具有“http”协议,被访问的帧具有“文件”协议。 协议必须匹配。

在以下行:

window.parent.setUpFrame();

我在父容器中有以下代码:

<!DOCTYPE html>
<html>
<head>

<script>
function setUpFrame() { 
    var frame = window.frames['myFrame'];
    $('#btn-violet').click(function () {
        frame.changeTheme(2);
    });
}
</script>

</head>
<body>

<iframe id="myFrame" width="100%" height="300px" src="http://localhost:53838/" name="iframe_a"></iframe>    <input type="button" value="bisque Theme" id="btn-bisque" />
<input type="button" value="violet theme" id="btn-violet" />

</body>
</html>

框架内的代码如下所示:

<script>
        function init()
        {
            window.parent.setUpFrame();
            return true;
        }

        function changeTheme(id)
        {
            if (id == 1) {
                $('#CustomStyle').attr('href', '/Content/StyleSheet1.css');
            }
            else
            {
                $('#CustomStyle').attr('href', '/Content/StyleSheet2.css');
            }
        }
</script>
回答1
回答2

您似乎通过文件协议访问了“main”-html(只是双击了 html?)。

请尝试通过 http://localhost:53838/ 访问,或通过文件协议加载您的 iframe。

受限制的 HTML

  • 允许的HTML标签:<a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • 自动断行和分段。
  • 网页和电子邮件地址自动转换为链接。

相关推荐
  • Blocked iframe due to mismatch protocols
    I am trying to send a value from parent window to my frame on button click event but it shows error on the console Uncaught SecurityError: Blocked a frame with origin "http://localhost:53838" from accessing a frame with origin "null". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "file". Protocols must match. on the following line: window.parent.setUpFrame(); I have the following code in the parent container: <!DOCTYPE html> <html> <head> <script> function setUpFrame() { var frame = window.frames['myFrame']; $('#btn-violet').click(function ()
  • 由于 MIME 类型不匹配(X-Content-Type-Options: nosniff),资源被阻止(Resource blocked due to MIME type mismatch (X-Content-Type-Options: nosniff))
    问题 我正在使用 JavaScript 和 HTML 开发一个网页,当我从我的 HTML 页面收到以下错误列表时,一切正常: The resource from “https://raw.githubusercontent.com/dataarts/dat.gui/master/build/dat.gui.min.js” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff). The resource from “https://raw.githubusercontent.com/mrdoob/three.js/dev/build/three.js” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff). The resource from “https://raw.githubusercontent.com/mrdoob/three.js/master/examples/js/renderers/CanvasRenderer.js” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff). The resource
  • iFrame blocked due to portocols, domains & ports must match
    问题 我收到以下错误: 阻止具有来源https://<my host ip>的框架访问具有来源https://<target host ip>的框架。 协议、域和端口必须匹配。 如果您注意到两者都是“https”。 但仍然会出现错误。 请帮助 - 我该如何避免这种情况。 回答1 正如标题所说: domains & ports must match 两个不同的ip,这意味着你有两个不同的域。 了解同源政策 如果您控制两个域,则需要查看 window.postMessage 回答2 协议、域和端口必须匹配 <my host ip>与<target host ip>不同,它们都是 url 中域的一部分。 http:// 是协议 ip或网站名称是域名 :xxxx 是端口 所以最终结果: http://ip:xxxx
  • Getting http/https protocols to match with <iframe> for maps.google.com
    I am trying to use an <iframe> include of a google map, however the console is throwing several errors due to a mismatch, but there is no apparent mismatch, so I'm assuming it must be a function/process on the side of google maps. Specifically with maps.google.com, there appears to be a change to the script for the iframe, according to this. The errors in the console is this: ( I am getting at least 30 errors on page load ) Unsafe JavaScript attempt to access frame with URL http://www.developer.host.com/ from frame with URL https://maps.google.com/maps/msmsa=0&msid= 212043342089249462794
  • iFrame blocked due to portocols, domains & ports must match
    I am getting the error below: Blocked a frame with origin https://<my host ip> from accessing a frame with origin https://<target host ip>. Protocols, domains, and ports must match. If you notice both are 'https'. But still the error occurs. Please help - how do I avoid this.
  • 获取与之匹配的http / https协议对于maps.google.com(Getting http/https protocols to match with <iframe> for maps.google.com)
    问题 我正在尝试使用Google Map的<iframe>包含项,但是由于不匹配,控制台会引发多个错误,但是没有明显的不匹配,因此我假设它必须是一个函数/进程。谷歌地图。 据此,特别是在maps.google.com上,iframe的脚本似乎有所更改。 控制台中的错误是这样的:(我在页面加载时收到至少30个错误) Unsafe JavaScript attempt to access frame with URL http://www.developer.host.com/ from frame with URL https://maps.google.com/maps/msmsa=0&msid= 212043342089249462794.00048cfeb10fb9d85b995&ie=UTF8&t= m&ll=35.234403,-80.822296&spn=0.392595,0.137329&z=10&output=embed. The frame requesting access has a protocol of 'https', the frame being accessed has a protocol of 'http'. Protocols must match. 由于我的网站是http而不是https,并且地图网址是http,为什么会出现不匹配的情况
  • 控制台显示未捕获的安全错误(Console displays Uncaught SecurityError)
    问题 我不确定如何修复下面的错误。 有人可以帮我吗? Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "http://mysite.net" from accessing a frame with origin "https://www.youtube.com". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match. 回答1 您正在尝试从 http 网站中访问 https url。 HTTPS 和 HTTP 是不同的协议,会导致不匹配。 我认为以下链接可能会有所帮助:https://productforums.google.com/forum/#!topic/chrome/ODpydGiCgiE if you want to access frames in a iframe you can change top with parent.frames only for accessing
  • Resource blocked due to MIME type mismatch (X-Content-Type-Options: nosniff)
    I am developing a web page using JavaScript and HTML, everything was working good when I have received this list of errors from my HTML page: The resource from “https://raw.githubusercontent.com/dataarts/dat.gui/master/build/dat.gui.min.js” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff). The resource from “https://raw.githubusercontent.com/mrdoob/three.js/dev/build/three.js” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff). The resource from “https://raw.githubusercontent.com/mrdoob/three.js/master/examples/js/renderers/CanvasRenderer.js” was
  • 由于 MIME 类型而被阻止的资源?(Resource blocked due to MIME type?)
    问题 多年来,我成功地包含了动态创建的 javscript 文件。 这是一个示例:https://granadainfo.com/sups.php?locs=95 如您所见,它加载正常。 我通常像这样把它们放在我的 html 文档的头部。 脚本类型="text/javascript" src="https://granadainfo.com/sups.php?locs=95" /脚本 在过去的几天里,他们已经停止工作。 来自 firefox 调试器控制台的错误消息如下。 由于 MIME 类型 (“text/html”) 不匹配 (X-Content-Type-Options: nosniff),来自“https://granadainfo.com/sups.php?locs=95”的资源被阻止。 我使用 a2 网络托管。 他们必须对配置进行一些更改以使其停止工作。 可能我可以通过 .htaccess 文件中的一行来解决这个问题。 A2 托管建议这条线,但它不起作用。 标头始终未设置 X-Frame-Options 该问题仅在有获取请求时发生。 即 ?locs=95 静态文件没有问题。 我尝试将文件名更改为 .js 并将 .htaccess 文件更改为将 .js 解析为 php 但没有区别。 回答1 PHP 默认为Content-Type: text/html 。 如果您不提供
  • Uncaught (in promise) DOMException: Blocked a frame with origin "http://127.0.0.1:4100" from accessing a cross-origin frame - REACT JS [duplicate]
    This question already has answers here: SecurityError: Blocked a frame with origin from accessing a cross-origin frame (9 answers) Closed last year. I have and Iframe in a react component which loads a pdf file on click of button from an external url (My Api endpoint with port 8000), After It's loaded successfully, I want to print the content of that Iframe, But getting and error Here is my react component import React from 'react' const pageCont = () =>{ return( <div> <iframe id='pdfp' name='pdfp' src='http://127.0.0.1:8000/api/ebook.pdf'></iframe> <button onClick={()=>{ document
  • Django + React The resource was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff)
    Developing a django app with frontend react and serving the react build files with django. project structure is as everything works fine when in settings.py I have DEBUG=True However when I change it to DEBUG=False i get the following errors for static files in the console The resource from “http://localhost:8000/static/js/2.285a2b2f.chunk.js” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). The resource from “http://localhost:8000/static/css/main.dde91409.chunk.css” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). The
  • Cross Origin Chrome Extension
    I have been reading and playing around with Chrome Extensions for the last week or so but I'm having trouble trying to achieve what I want. What I am trying to create is an Extension that in the background (or silently) visits a website fills out a form on the web page and retrieves the response. The website doesn't have an API and I can't create a server to do this as the website only allows X requests per IP per hour so my requests would be exhausted after a few users. So my idea was to create a background page that would have some javascript to fill out the form using JS to getElementById
  • Django + React 资源因 MIME 类型(“text/html”)不匹配而被阻塞(X-Content-Type-Options: nosniff)(Django + React The resource was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff))
    问题 使用前端 react 开发 django 应用程序,并使用 django 提供 react 构建文件。 项目结构是因为在 settings.py 中一切正常 DEBUG=True 但是,当我将其更改为DEBUG=False时,控制台中的静态文件出现以下错误 来自“http://localhost:8000/static/js/2.285a2b2f.chunk.js”的资源由于 MIME 类型(“text/html”)不匹配(X-Content-Type-Options:nosniff)而被阻止。 来自“http://localhost:8000/static/css/main.dde91409.chunk.css”的资源由于 MIME 类型(“text/html”)不匹配(X-Content-Type-Options:nosniff)而被阻止。 由于 MIME 类型(“text/html”)不匹配(X-Content-Type-Options:nosniff),来自“http://localhost:8000/static/js/main.eade1a0b.chunk.js”的资源被阻止。 由于 MIME 类型(“text/html”)不匹配(X-Content-Type-Options:nosniff),来自“http://localhost:8000/static/css
  • 删除 youtube iframe api 控制台错误的方法 - 在 chrome 控制台中“阻止了一个带有原点的框架......”(Methods of removing the youtube iframe api console error - “blocked a frame with origin…” in chrome console)
    问题 我正在使用 youtube iframe api 并收到以下与阻止来自 http://www.youtube.com 的框架有关的控制台错误。 想知道是否有人可以解释为什么这个错误只出现在 chrome 控制台中,以及是否有任何方法可以防止这种情况发生? 错误: 阻止了来源为“http://www.youtube.com”的框架访问来源为“http://youtubetest.appspot.com”的框架。 协议、域和端口必须匹配。 回答1 我有一个类似的错误,其中 JS 错误是: 阻止了来源为“https://www.youtube.com”的框架访问来源为“http://www.yourdomain.com”的框架。 请求访问的帧具有“https”协议,被访问的帧具有“http”协议。 协议/协议必须匹配,YouTube 启用了 CORS(跨域资源共享)以允许跨域。 尝试去掉 YouTube iframe 标签中的https:// ? 您还可以查看关闭 iframe 标签。 iframe 标签不是单例标签,必须以</iframe>而不是/>结尾。 回答2 似乎今天,使用 YouTube 放入他们自己的嵌入代码片段工具中的无协议“//youtube.com” URL 正在抛出协议匹配错误。 (叹气)这在本周早些时候工作得很好。 如果我将 https: 添加到嵌入 URL
  • Chrome 扩展:不安全的 JavaScript 尝试访问具有 URL 域、协议和端口必须匹配的框架(Chrome Extension: Unsafe JavaScript attempt to access frame with URL Domains, protocols and ports must match)
    问题 此答案指定了如何访问 gmail.com https://stackoverflow.com/a/9439525/222236 上所有 iframe 的内容 但是在 mail.google.com 上它会抛出这个错误: Unsafe JavaScript attempt to access frame with URL https://plus.google.com/u/0/_/... from frame with URL https://mail.google.com/mail/u/0/#inbox. Domains, protocols and ports must match. 我尝试将*://plus.google.com/*添加到扩展程序清单的匹配项中,但没有帮助。 更新:在访问内容之前检查 url 有效,但我的逻辑目前非常粗糙,因为它只检查 google plus: if(-1==iframes[i].src.indexOf('plus.google.com')) { contentDocument = iframes[i].contentDocument; if (contentDocument && !contentDocument.rweventsadded73212312) { // add poller to the new iframe
  • Function was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff)
    I'm using Quick.gallery (http://quick.gallery) script on my website but I'm getting some erros with Firebug: When I try to access http://www.portaloficial.com.br/fotos.php, Firebug show me some erros like "js=js_viewer was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff)." Can anybody help me on this?
  • 由于 MIME 类型不匹配,函数被阻止 (X-Content-Type-Options: nosniff)(Function was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff))
    问题 我在我的网站上使用 Quick.gallery (http://quick.gallery) 脚本,但我在使用 Firebug 时遇到了一些错误: 当我尝试访问 http://www.portaloficial.com.br/fotos.php 时,Firebug 向我显示了一些错误,例如“js=js_viewer 由于 MIME 类型不匹配而被阻止(X-Content-Type-Options:nosniff)。 ” 有人可以帮我吗? 回答1 我之前遇到过这个问题,当我引用错误输入的 URL 时,因此内容类型 html 的原因是,我实际上得到了一个 HTTP 404 错误页面。
  • react.js with webpack Resource blocked due to MIME type mismatch
    Developing a react app with webpack, in my app.js router when i specify the route to be /foo the component renders normally but when i specify a route as /foo/bar i get the following error "The resource from “http://localhost:9000/foo/bar/bundle.js” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff)" App.js function App() { return ( <div className="App"> <BrowserRouter> <Router history={history}> <Switch> <Route exact path="/api/login" component={Login} /> //gives error <Route exact path="/login" component={Login} /> //renders normally <Route component={Error
  • 由于 MIME 类型不匹配,带有 webpack 资源的 react.js 被阻止(react.js with webpack Resource blocked due to MIME type mismatch)
    问题
  • IE9 script response blocked due to mime type mismatch
    I use the following code snippet to load data from google fusion table as json. var fileref = document.createElement("script"); fileref.setAttribute("type", "text/javascript"); fileref.setAttribute("src", "http://tables.googlelabs.com/api/query?sql=select * from 588320&hdrs=false&jsonCallback=LoadTable"); Works great in IE8, FF, Chrome, but now IE9 doesn't know how to handle the callback because the response and mime types don't match. IE9 reports the following script error when using jsonCallback param because it doesn't like the mime type. SEC7112: Script from http://tables.googlelabs.com