Chrome 50 postMessage Errors from IFrame


japh10409

Apr 25, 2016, 6:36:25 AM
to Chromium-discuss
Hello,

I'm using the postMessage feature to send messages between a web page and iframe which reside on different domains. This is working correctly in all tested browsers as well as the current Chrome 49, but in Chrome 50 I'm seeing errors when the iframe attempts to send a message back to the parent.

Processing flow:
1. The parent site successfully posts the initial message to the iframe using postMessage.
2. The iframe receives, validates, and processes the message correctly.
3. The iframe uses the incoming message's "source" property as the window object to post a return message to using postMessage.
4. When attempting to postMessage back to the parent, I see two errors in the console:

DOMException: Blocked a frame with origin "[iframe domain]" from accessing a cross-origin frame.

Uncaught SecurityError: Blocked a frame with origin "[iframe domain]" from accessing a frame with origin "[parent domain]". Protocols, domains, and ports must match.

The reason for using postMessage is specifically to allow for cross-origin communication. In Chrome 50, the errors are only occurring with a few web sites, while other web sites using the same exact iframe work as expected. Given this, I suspect there is something different about the few sites that are not working that Chrome 50 is handling differently compared to Chrome 49.

Has anything changed in Chrome 50 that should affect postMessage validation? I've considered how postMessage is being used in my code, response headers, and doctypes, and no solution has surfaced yet.

Any help would be much appreciated!

Thank you,
Jeff

talip korkmaz

May 5, 2016, 6:33:09 AM
to Chromium-discuss
Hi, I'm getting the same error. Chrome 49 is working well, but version 50 still gives the "Blocked a frame with origin .." error.
Is there any progress with this problem? Any help would be appreciated.

Daniel

May 5, 2016, 6:34:30 AM
to Chromium-discuss
I'm hitting (probably) the same issue.
I have a client application communicating with another app loaded inside an iframe via postMessage.
The latest update to Chrome 50.0.2661.94 m breaks the messaging between the two.
I already experienced this behavior in Canary 52.0.2722.0.

Is this a bug or some new restriction on iframe communication?

Jeff, did you find a solution in the meantime?

talip korkmaz

May 7, 2016, 6:15:03 AM
to Chromium-discuss
Hi, the solution is changing the name "postMessage" for a function which contains the iframe.

On Thursday, May 5, 2016 at 13:34:30 UTC+3, Daniel wrote:

japh10409

May 7, 2016, 6:15:41 AM
to Chromium-discuss
Hello -- I found that the issue in our case was a custom global postMessage function that was defined by the parent application. Changing the name of that function resolved the issue. My guess is this is a new security feature built into Chrome 50+ to protect the built-in postMessage function and not allow applications to override it.

Daniel Ferenc Szak

May 13, 2016, 5:56:12 AM
to jeffrey.pla...@gmail.com, Chromium-discuss
Thank you, Jeffrey, that was the problem in my case as well!
Solved by renaming the method.


鹏程

Jun 22, 2016, 6:51:27 AM
to Chromium-discuss
Hi Jeff,

What is the exact meaning of changing the name of that function? I'm getting the same error.

Thank you.

On Saturday, May 7, 2016 at 6:15:41 PM UTC+8, japh10409 wrote:

SIVA RAMA KRISHNA BANDARU

Jul 3, 2016, 8:47:04 AM
to Chromium-discuss
Can someone please help with what exactly to change?

What does changing the name of the function really mean?

Kirill

Jul 5, 2016, 2:20:06 AM
to Chromium-discuss
Check whether there is a custom global function named "postMessage" in your code and rename it to something else. I had the same problem. This should help.
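The check the replies above describe (look for a custom global function named "postMessage" in the parent page and rename it), as an added example that is not part of the thread. The helper names, the sample script and the stand-in window object are constructed for illustration, and the source scan is a line-based heuristic rather than a parser.

```javascript
// Added example; helper names are hypothetical, not from the thread.
// Built-in functions stringify as "function name() { [native code] }".
const NATIVE_RE = /\{\s*\[native code\]\s*\}\s*$/;

function isNative(fn) {
  return typeof fn === 'function' &&
    !String(fn.name).startsWith('bound ') && // bound page functions also print [native code]
    NATIVE_RE.test(Function.prototype.toString.call(fn));
}

// Runtime check: which of `names` on a window-like object are not built-ins any more?
function findOverridden(win, names) {
  return names.filter((n) => n in win && !isNative(win[n]));
}

// Static check (line-based heuristic): lines that define something called `name`.
function findGlobalDefinitions(source, name) {
  const n = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const patterns = [
    new RegExp(`^function\\s+${n}\\s*\\(`),
    new RegExp(`^var\\s+${n}\\b`),
    new RegExp(`\\b(?:window|self|top)\\.${n}\\s*=[^=]`),
  ];
  return source.split('\n')
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter(({ text }) => patterns.some((p) => p.test(text)));
}

// Constructed sample: a parent-page script with the kind of collision described above.
const SAMPLE_PARENT_SCRIPT = [
  'function postMessage(text) {   // custom global helper: the collision',
  '  document.getElementById("log").textContent = text;',
  '}',
  'frame.contentWindow.postMessage(data, "https://widget.example"); // ordinary call',
  'function showStatus(text) {    // a renamed helper no longer collides',
  '  document.getElementById("log").textContent = text;',
  '}',
].join('\n');

// Constructed stand-in for a window object so the check also runs outside a browser.
const SAMPLE_WINDOW = {
  postMessage: function postMessage(text) { return text; }, // page-defined
  close: Math.max, // any engine built-in, standing in for an untouched method
};

console.log(findGlobalDefinitions(SAMPLE_PARENT_SCRIPT, 'postMessage'));
console.log(findOverridden(SAMPLE_WINDOW, ['postMessage', 'close']));
```

In a browser, running `findOverridden(window, ['postMessage'])` in the parent page's DevTools console gives the same runtime check against the real window; a non-empty result points at the function to rename.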