iframe: Protocols, domains, and ports must match error

  • I have an VF page with an iframe displaying a force.com site from a different SF instance and I'm receiving this error in chrome caused by SfdcCore.js:

    Blocked a frame with origin "https://<mysitename>.<mycompanyname>.cs10.force.com" from accessing a frame with origin "https://<namespace>.na15.visual.force.com". Protocols, domains, and ports must match. 

    Everything seems to be functioning normally except the javascript error is preventing any further javascript from running correctly.

    Has anyone found any type of workaround for this?

    I wonder if this is related to the fact that Salesforce sandboxes don't have valid SSL certs.

    Yeah I kinda hope that might be case, I'll be able to test when I push the force.com site to production. I've had that remedy the SSL warning before, but I'm concerned this might be a separate issue, even if the protocols match the domains won't.

    I believe Stork is correct. Have run into similar issues with SSL certs in sandboxes

    I tested this by swapping the iframe to a different force.com site in a production environment with valid https and I received the same error except from main.js

    @PhilR hm, my issue is not with two VF pages on the same instance. Also I'm not trying to do anything at the window level, its the core sfdc javascript that is causing the issue.

    Your domains don't match; you're going from cs10.force.com to na15.visual.force.com. Seems like a basic security feature.

    iframing is allowed from one domain to another, Mike Chale, it's having some code in the iframe access the parent page that is not allowed.

    I think that is something defined by the X-Frame-Options header.

  • Domain of parent page and the its origined iframe page must be same to access parent frame javascript from child frame javascript or jquery. This is a basic security feature which prevents javascript injection from cross-domain sites.

    Even if your domain is same and one is using https:// and its child frame using http:// javascript will not work because protocol is different. No browser support cross-domain referencing. Its a browser security feature.

    Only solution is redirecting the page through controller using Pagereference when you have done something on page or use same domain.

    Edit (found a useful link):

    Explained in more detail - http://javascript.info/tutorial/same-origin-security-policy

    There is a workaround for this. You could use postMessage (https://developer.mozilla.org/en-US/docs/Web/API/Window.postMessage) to send data across pages of different domain. But unfortunately it doesn't work that well in IE..

    I believe JSONP could also be used as a workaround.

    @PhilB JSONP and PostMessaging would work.

    @PhilB Can you give some information about how to use JSONP in salesforce.

    @ Anamadeya - I tried but its not working. Since I dont have access to the IFrame in salesforce. How we can make this working ?

    @Ashwani - Could you post some code snippet ?

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM

Tags used