Error Setting IFrame Src - Not allowed to load local resource
2,970 views
Skip to first unread message
Lasa Jay
Jun 23, 2014, 8:20:29 PM6/23/14
to chromium...@chromium.org
Hi All,
Google chrome is throwing the error "Not allowed to load local resource" when trying to set an iframe src using javascript.
Basically, I'm trying to get a explorer like view within the iframe by setting the src to a local network path eg: file:///\\server\folder
I realize this is a security feature but hoping there is a workaround to achieve what I want.
Thanks in Advance.
Lasa.
PhistucK
Jun 24, 2014, 1:50:38 AM6/24/14
to lasaj...@gmail.com, Chromium-discuss
This is not recommended as it exposes the user to any possible web attack and can reveal all of your local data to the web, but, if you do this in a controlled environment - --disable-web-security may help
☆PhistucK
--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.
Lasa Jay
Jun 24, 2014, 1:57:47 PM6/24/14
to chromium...@chromium.org, lasaj...@gmail.com
Thanks for your reply.
I have tried the command line parameter and now getting a different error. The web page is delivered over HTTPS and when I try to load the iframe Chrome returns the following error.
The page at 'https://xyz.com' was loaded over HTTPS, but ran insecure content from 'file://server/folder': this content should also be loaded over HTTPS.
I tried the option --allow-running-insecure-content but still gets the same error.
Any suggestions?
PhistucK
Jun 24, 2014, 2:23:59 PM6/24/14
to Lasa Jay, Chromium-discuss, security-dev
This is weird. I would expect disabling web security to disable this security feature as well. And if not, the flag you mentioned should have done it.
There are also --allow-file-access, --allow-file-access-from-files and --reduce-security-for-testing. Maybe they would help. Of course, it is not recommended at all to enable them and makes you extremely vulnerable to any attack.
There are also --allow-file-access, --allow-file-access-from-files and --reduce-security-for-testing. Maybe they would help. Of course, it is not recommended at all to enable them and makes you extremely vulnerable to any attack.
(Added security-dev to the loop)
☆PhistucK
Lasa Jay
Jun 24, 2014, 2:38:28 PM6/24/14
to chromium...@chromium.org, lasaj...@gmail.com, securi...@chromium.org
Thanks for your reply again.
I have tried all the provided flags in one command but still getting the same error.
chrome.exe --allow-running-insecure-content --disable-web-security --allow-file-access --allow-file-access-from-files --reduce-security-for-testing
Reply all
Reply to author
Forward
0 new messages