11

The following issue occurs in Android 4.4 devices and above.

This is what our iframe looks like:

<iframe frameborder=0 id="myIFRAME"></iframe>

The following is the way we are getting the iframe programmatically:

if(document.getElementById("myIFRAME")){
        me.setMyIFRAME(document.getElementById("myIFRAME").contentWindow);
}

This is causing a security error related to Protocol mismatch:

"Uncaught SecurityError: Blocked a frame with origin "https://www.google.com" from accessing a frame with origin "file://". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "file". Protocols must match.

We are using Sencha Touch with Cordova to develop our project.

tarzanbappa
Ritika

5 Answers

4

The Cordova security guide says:

If content is served in an iframe from a whitelisted domain, that domain will have access to the native Cordova bridge.

Have you tried adding the external domain to the whitelist inside config.xml?

<access origin="https://google.com" />
lifeisfoo
0

@Ritika,
I'm taking a wild guess here, because I do not use iframes, but in your <iframe> element I do NOT see a src. As such, the system is setting it to some type of default and the protocol of that source is file://

I think if you set a src=, even a blank one, the issue will go away.

Anyway, just a guess. Best of luck.

  • src is dynamically created in code & then is ultimately set on the iframe. I even tried to set src = '' initially, but that didn't help – Ritika Oct 01 '15 at 10:45
  • Okay, Shot in the dark. Are you using the *white-list*, the plugin and CSP? –  Oct 01 '15 at 19:17
  • I have tried using white-listing, that too doesn't help – Ritika Oct 06 '15 at 07:11
  • Okay. A few more issues to try. Are you using an alternate webview library? Like crosswalk? You did not say if you are using CSP? Which version of the Cordova/phonegap compiler are you using? Which version of the plugin are you using? Have you tried the *minSDK* and *targetSDK*? –  Oct 06 '15 at 21:57
0
  1. Google is not accessible over iFrame.

  2. A page served using the file:// protocol cannot access resources over the http:// or https:// protocol by default.

0

Personally, I would avoid using iframes altogether.

https://github.com/phonegap/phonegap/wiki/iFrame-Usage

johnborges
0

It turned out that the iframe was loading an HTML page which was accessing window.document, which was causing a cross-domain security error. The if condition below was inside the page:

 if (window.parent.document != window.document) 

We changed it to the condition below, which resolved the security error:

if (window.parent != window)
Ritika
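The difference between the two conditions in the answer above, as an added example that is not part of the original posts: comparing Window references is always allowed, while reading `parent.document` across origins throws a SecurityError. The function names are hypothetical and the mock windows are constructed stand-ins so the code also runs outside a browser; in a page, pass the real `window`.

```javascript
// Constructed stand-in for a cross-origin parent window: the browser lets a
// frame hold and compare the Window reference, but reading `.document` throws.
function makeCrossOriginWindow() {
  const win = {};
  Object.defineProperty(win, "document", {
    get() {
      const err = new Error("Blocked a frame from accessing a cross-origin frame.");
      err.name = "SecurityError"; // same name the browser's DOMException carries
      throw err;
    },
  });
  return win;
}

// Constructed stand-in for a page loaded inside a frame of `parent`.
function makeFramedWindow(parent) {
  return { parent, document: { title: "child" } };
}

// Safe framing check: compares Window references only, never dereferences
// parent.document, so it works whatever the parent's origin is.
function isFramed(win) {
  return win.parent !== win;
}

// Returns the parent's document when it is same-origin, or null when the page
// is not framed or the browser blocks access. Other errors still propagate.
function getParentDocumentOrNull(win) {
  if (!isFramed(win)) return null;
  try {
    return win.parent.document;
  } catch (err) {
    if (err.name === "SecurityError") return null;
    throw err;
  }
}

// The check the framed page originally used, kept to show the failure mode:
// it throws as soon as the parent is on a different origin.
function isFramedUnsafe(win) {
  return win.parent.document != win.document;
}
```
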