How can I fix this message in Firefox? I am using an Iframe which has an anchor tag? I would like to get a reference to this anchor but i am getting this error when I am trying to access anchor:
如何在Firefox中修复此消息?我正在使用一个有锚标签的Iframe?我想获得对此锚点的引用,但是当我尝试访问锚点时,我收到此错误:
var frameWindow = document.getElementById('myIframe').contentWindow;
var anchor = frameWindow.document.links[0]; //.getElementsByClassName('a');
anchor.onclick....
2 个解决方案
#1
21
Relaxing the same-origin policy
放宽同源政策
In some circumstances the same-origin policy is too restrictive, posing problems for large websites that use multiple subdomains. Here are four techniques for relaxing it:
在某些情况下,同源策略限制性太强,对使用多个子域的大型网站造成问题。以下是放松它的四种技巧:
If two windows (or frames) contain scripts that set domain to the same value, the same-origin policy is relaxed for these two windows, and each window can interact with the other. For example, cooperating scripts in documents loaded from orders.example.com and catalog.example.com might set their document.domain properties to “example.com”, thereby making the documents appear to have the same origin and enabling each document to read properties of the other. This might not always work as the port stored in the internal representation can become marked as null. In other words example.com port 80 will become example.com port null because we update document.domain
. Port null might not be treated as 80 ( depending on your browser ) and hence might fail or succeed depending on your browser.
如果两个窗口(或框架)包含将域设置为相同值的脚本,则这两个窗口将放宽同源策略,并且每个窗口可以与另一个窗口进行交互。例如,从orders.example.com和catalog.example.com加载的文档中的协作脚本可能会将其document.domain属性设置为“example.com”,从而使文档看起来具有相同的来源并使每个文档都能够读取另一个的属性。这可能并不总是有效,因为存储在内部表示中的端口可以标记为null。换句话说,example.com端口80将成为example.com端口null,因为我们更新document.domain。端口null可能不会被视为80(取决于您的浏览器),因此可能会失败或成功,具体取决于您的浏览器。
跨源资源共享
The second technique for relaxing the same-origin policy is being standardized under the name Cross-Origin Resource Sharing. This draft standard extends HTTP with a new Origin request header and a new Access-Control-Allow-Origin
response header. It allows servers to use a header to explicitly list origins that may request a file or to use a wildcard and allow a file to be requested by any site. Browsers such as Firefox 3.5 and Safari 4 use this new header to allow the cross-origin HTTP requests with XMLHttpRequest that would otherwise have been forbidden by the same-origin policy.[7]
第二种放宽同源策略的技术正在以跨源资源共享的名义进行标准化。该草案标准使用新的Origin请求头和新的Access-Control-Allow-Origin响应头扩展HTTP。它允许服务器使用标头显式列出可能请求文件或使用通配符的源,并允许任何站点请求文件。诸如Firefox 3.5和Safari 4之类的浏览器使用这个新标头来允许XMLHttpRequest的跨源HTTP请求,否则这些请求将被同源策略禁止。[7]
Another new technique, cross-document messaging allows a script from one page to pass textual messages to a script on another page regardless of the script origins. Calling the postMessage()
method on a Window object asynchronously fires an "onmessage"
event in that window, triggering any user-defined event handlers. A script in one page still cannot directly access methods or variables in the other page, but they can communicate safely through this message-passing technique.
另一种新技术,跨文档消息传递允许来自一个页面的脚本将文本消息传递到另一页面上的脚本,而不管脚本来源如何。在Window对象上异步调用postMessage()方法会在该窗口中触发“onmessage”事件,从而触发任何用户定义的事件处理程序。一个页面中的脚本仍然无法直接访问另一个页面中的方法或变量,但它们可以通过此消息传递技术安全地进行通信。
JSONP allows a page to receive JSON data from a different domain by adding a <script>
element to the page which loads a JSON response from a different domain.
JSONP允许页面通过向页面添加
The function call is the "P" of JSONP—the "padding" around the pure JSON, or according to some the "prefix". By convention, the browser provides the name of the callback function as a named query parameter value, typically using the name jsonp or callback as the named query parameter field name, in its request to the server, e.g.,
函数调用是JSONP的“P” - 纯JSON周围的“填充”,或者根据某些“前缀”。按照惯例,浏览器在其对服务器的请求中提供回调函数的名称作为命名查询参数值,通常使用名称jsonp或callback作为命名查询参数字段名称,例如,
<script type="application/javascript"
src="http://server2.example.com/Users/1234?jsonp=parseResponse">
</script>
In this example, the received payload would be:
在此示例中,接收的有效负载将是:
parseResponse({"Name": "Foo", "Id": 1234, "Rank": 7});
#2
10
If the iframe points to a different domain, you will get this error. This is an example of your browser preventing cross-site scripting: http://en.wikipedia.org/wiki/Cross-site_scripting
如果iframe指向其他域,则会出现此错误。这是您的浏览器阻止跨站点脚本编写的示例:http://en.wikipedia.org/wiki/Cross-site_scripting
#1
21
Relaxing the same-origin policy
放宽同源政策
In some circumstances the same-origin policy is too restrictive, posing problems for large websites that use multiple subdomains. Here are four techniques for relaxing it:
在某些情况下,同源策略限制性太强,对使用多个子域的大型网站造成问题。以下是放松它的四种技巧:
If two windows (or frames) contain scripts that set domain to the same value, the same-origin policy is relaxed for these two windows, and each window can interact with the other. For example, cooperating scripts in documents loaded from orders.example.com and catalog.example.com might set their document.domain properties to “example.com”, thereby making the documents appear to have the same origin and enabling each document to read properties of the other. This might not always work as the port stored in the internal representation can become marked as null. In other words example.com port 80 will become example.com port null because we update document.domain
. Port null might not be treated as 80 ( depending on your browser ) and hence might fail or succeed depending on your browser.
如果两个窗口(或框架)包含将域设置为相同值的脚本,则这两个窗口将放宽同源策略,并且每个窗口可以与另一个窗口进行交互。例如,从orders.example.com和catalog.example.com加载的文档中的协作脚本可能会将其document.domain属性设置为“example.com”,从而使文档看起来具有相同的来源并使每个文档都能够读取另一个的属性。这可能并不总是有效,因为存储在内部表示中的端口可以标记为null。换句话说,example.com端口80将成为example.com端口null,因为我们更新document.domain。端口null可能不会被视为80(取决于您的浏览器),因此可能会失败或成功,具体取决于您的浏览器。
跨源资源共享
The second technique for relaxing the same-origin policy is being standardized under the name Cross-Origin Resource Sharing. This draft standard extends HTTP with a new Origin request header and a new Access-Control-Allow-Origin
response header. It allows servers to use a header to explicitly list origins that may request a file or to use a wildcard and allow a file to be requested by any site. Browsers such as Firefox 3.5 and Safari 4 use this new header to allow the cross-origin HTTP requests with XMLHttpRequest that would otherwise have been forbidden by the same-origin policy.[7]
第二种放宽同源策略的技术正在以跨源资源共享的名义进行标准化。该草案标准使用新的Origin请求头和新的Access-Control-Allow-Origin响应头扩展HTTP。它允许服务器使用标头显式列出可能请求文件或使用通配符的源,并允许任何站点请求文件。诸如Firefox 3.5和Safari 4之类的浏览器使用这个新标头来允许XMLHttpRequest的跨源HTTP请求,否则这些请求将被同源策略禁止。[7]
Another new technique, cross-document messaging allows a script from one page to pass textual messages to a script on another page regardless of the script origins. Calling the postMessage()
method on a Window object asynchronously fires an "onmessage"
event in that window, triggering any user-defined event handlers. A script in one page still cannot directly access methods or variables in the other page, but they can communicate safely through this message-passing technique.
另一种新技术,跨文档消息传递允许来自一个页面的脚本将文本消息传递到另一页面上的脚本,而不管脚本来源如何。在Window对象上异步调用postMessage()方法会在该窗口中触发“onmessage”事件,从而触发任何用户定义的事件处理程序。一个页面中的脚本仍然无法直接访问另一个页面中的方法或变量,但它们可以通过此消息传递技术安全地进行通信。
JSONP allows a page to receive JSON data from a different domain by adding a <script>
element to the page which loads a JSON response from a different domain.
JSONP允许页面通过向页面添加
The function call is the "P" of JSONP—the "padding" around the pure JSON, or according to some the "prefix". By convention, the browser provides the name of the callback function as a named query parameter value, typically using the name jsonp or callback as the named query parameter field name, in its request to the server, e.g.,
函数调用是JSONP的“P” - 纯JSON周围的“填充”,或者根据某些“前缀”。按照惯例,浏览器在其对服务器的请求中提供回调函数的名称作为命名查询参数值,通常使用名称jsonp或callback作为命名查询参数字段名称,例如,
<script type="application/javascript"
src="http://server2.example.com/Users/1234?jsonp=parseResponse">
</script>
In this example, the received payload would be:
在此示例中,接收的有效负载将是:
parseResponse({"Name": "Foo", "Id": 1234, "Rank": 7});
#2
10
If the iframe points to a different domain, you will get this error. This is an example of your browser preventing cross-site scripting: http://en.wikipedia.org/wiki/Cross-site_scripting
如果iframe指向其他域,则会出现此错误。这是您的浏览器阻止跨站点脚本编写的示例:http://en.wikipedia.org/wiki/Cross-site_scripting