Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://localhost"

Surendhar Natarajan picture Surendhar Natarajan · Feb 2, 2015 · Viewed 57.4k times · Source

I am facing below issue while trying to capture click events of G + follow button.

Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://localhost" from accessing a frame with origin "https://apis.google.com". Protocols, domains, and ports must match.

Answer

Jonast92 picture Jonast92 · Feb 2, 2015

I found a similar discussion, Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFram.

This issue fired when you try to call ajax to another domain, please check this article for more info about Same origin policy

Mozilla's Same Origin article

For fix this, you will need to add this code

document.domain = 'yourdomain.com'

From the article itself:

A page may change its own origin with some limitations. A script can set the value of document.domain to a subset of the current domain. If it does so, the shorter domain is used for subsequent origin checks. For example, assume a script in the document at http://store.company.com/dir/other.html executes the following statement:

document.domain = "company.com";

After that statement executes, the page would pass the origin check with http://company.com/dir/page.html. However, by the same reasoning, company.com could not set document.domain to othercompany.com.

The port number is kept separately by the browser. Any call to the setter, including document.domain = document.domain causes the port number to be overwritten with null. Therefore one cannot make company.com:8080 talk to company.com by only setting document.domain = "company.com" in the first. It has to be set in both so that port numbers are both null.