Uncaught DOMException: Blocked a frame with origin “http://localhost:8080” from accessing a cross-origin frame while listing the iframes in page

This error message… Uncaught DOMException: Blocked a frame with origin “http://localhost:8080” from accessing a cross-origin frame. …implies that the WebDriver instance blocked from accessing a cross-origin frame. Same-origin policy Same-origin policy : Same-origin policy restricts how a document or script loaded from one origin can interact with a resource from another origin. It is a … Read more

Google Chrome –allow-file-access-from-files disabled for Chrome Beta 8

Looking at the issues for this shows that the whole –allow-file-access-from-files thing was rushed. “Firefox does it..” “How can we do it?” some time passes “Here are the patches” “Passes! On trunk wonder what happens in the next dev release” “Ahhh it’s broken” “Use the command line option” “ok” “We shipped!” “WTF guys? You broke … Read more

Cross Domain Form POSTing

The same origin policy is applicable only for browser side programming languages. So if you try to post to a different server than the origin server using JavaScript, then the same origin policy comes into play but if you post directly from the form i.e. the action points to a different server like: <form action=”http://someotherserver.com”> … Read more

Catch error if iframe src fails to load . Error :-“Refused to display ‘http://www.google.co.in/’ in a frame..”

You wont be able to do this from the client side because of the Same Origin Policy set by the browsers. You wont be able to get much information from the iFrame other than basic properties like its width and height. Also, google sets in its response header an ‘X-Frame-Options’ of SAMEORIGIN. Even if you … Read more

SecurityError: Blocked a frame with origin from accessing a cross-origin frame

Same-origin policy You can’t access an <iframe> with different origin using JavaScript, it would be a huge security flaw if you could do it. For the same-origin policy browsers block scripts trying to access a frame with a different origin. Origin is considered different if at least one of the following parts of the address … Read more

XMLHttpRequest cannot load XXX No ‘Access-Control-Allow-Origin’ header

tl;dr — There’s a summary at the end and headings in the answer to make it easier to find the relevant parts. Reading everything is recommended though as it provides useful background for understanding the why that makes seeing how the how applies in different circumstances easier. About the Same Origin Policy This is the Same … Read more

Ways to circumvent the same-origin policy

The document.domain method Method type: iframe. Note that this is an iframe method that sets the value of document.domain to a suffix of the current domain. If it does so, the shorter domain is used for subsequent origin checks. For example, assume a script in the document at http://store.company.com/dir/other.html executes the following statement: document.domain = … Read more

Why does my JavaScript code receive a “No ‘Access-Control-Allow-Origin’ header is present on the requested resource” error, while Postman does not?

If I understood it right you are doing an XMLHttpRequest to a different domain than your page is on. So the browser is blocking it as it usually allows a request in the same origin for security reasons. You need to do something different when you want to do a cross-domain request. A tutorial about … Read more