Hello,
I'm using the postMessage feature to send messages between a web page and iframe which reside on different domains. This is working correctly in all tested browsers as well as the current Chrome 49, but in Chrome 50 I'm seeing errors when the iframe attempts to send a message back to the parent.
Processing flow:
1. The parent site successfully posts the initial message to the iframe using postMessage.
2. The iframe receives, validates, and processes the message correctly.
3. The iframe uses the incoming message's "source" property as the window object to post a return message to using postMessage.
4. When attempting to postMessage back to the parent, I see two errors in the console:
DOMException: Blocked a frame with origin "[iframe domain]" from accessing a cross-origin frame.
Uncaught SecurityError: Blocked a frame with origin "[iframe domain]" from accessing a frame with origin "[parent domain]". Protocols, domains, and ports must match.
The reason for using postMessage is specifically to allow for cross-origin communication. In Chrome 50, the errors are only occurring with a few web sites, while other web sites using the same exact iframe work as expected. Given this, I suspect there is something different about the few sites that are not working that Chrome 50 is handling differently compared to Chrome 49.
Has anything changed in Chrome 50 that should affect postMessage validation? I've considered how postMessage is being used in my code, response headers, and doctypes, and no solution has surfaced yet.
Any help would be much appreciated!
Thank you,
Jeff