Hello,
I have a portal page that is embedded on a website in an iframe and I get the following security error:
Uncaught SecurityError: Blocked a frame with origin "https://subdomain.domain.com" from accessing a frame with origin "http://www.domain.com". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match. main.js:436
Note: I do not have any script that is trying to access information from the main website page where this iframe is embedded.
Upon inspecting the main.js file at line 436, it is trying to access the rb.newui variable from the parent window which is not defined for portals and window.top (which is my website) definitely doesn't have that variable defined. This needs to be resolved going further as my portal page is not behaving correctly because of this security exception error. Let me know once this issue is fixed.
Cheers.
Iram
Hi Iram,
This is the same-origin policy restriction due to different protocols. Please see below for more details.
developer.mozilla.org/.../Same-origin_policy
Could you please try by adding below script to the footer of your portal and let us know the outcome.
<script>
window.rbf_isNewUI=function(){return Boolean(window.rb&&window.rb.newui);};
</script>
Regards,
Mayank
Hello guys,
Could someone confirm to me about this issue please?
Iram
Hi Iram,
We are looking into it, will update soon.
Regards,
Mayank
Hello [mention:3f7b5b26a0194087bff1a3fc2ec50bf1:e9ed411860ed4f2ba0265705b8793d05] ,
Could you suggest a solution for this to me please? This post has been there for 3 months already.
Iram
Hi Iram,
This is the same-origin policy restriction due to different protocols. Please see below for more details.
developer.mozilla.org/.../Same-origin_policy
Could you please try by adding below script to the footer of your portal and let us know the outcome.
<script>
window.rbf_isNewUI=function(){return Boolean(window.rb&&window.rb.newui);};
</script>
Regards,
Mayank
This issue has been resolved on release branch. Fix will be available in the forthcoming release .
Once available, please consider reverting the above suggested client-side override employed as a workaround.