Cross-origin frame issue while accessing the iframe contentDocument property

Question

What I need: I want to inject scripts in to all iframes (windows) presented in a web page (as part of my chrome extension development).

While doing so I am accessing iframe element contentDocument property, its causing the below error mentioned.

Error: Error: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "xxx.com" from accessing a cross-origin frame. at Error (native) at checkLoaded (chrome-extension://hkdhfkdhfkdhfkdhfkdhfkdhkdkd/js/app.js:152:33)

I know we can't access elements or frames that have a different domain. But that is not the case in my scenario.

How I verified it:

Protocol = https (Not able mention it as part of URLs as stackoverflow is not allowing me do so)

iframe.src = xxx.com/dfg/rty?id=50061000000pOCB&isdtp=vw&inCon…85f85811b751bf4b4a18b5e&IFrameOrigin=https%3A%2F%2Fxxx

iframe.ownerdocument.location.origin = xxx.com

From the above information we can understand both the iframe and its parent document are having same domain.

then I checked the document domain from where I am executing the script (chrome extension content script page), since content script shares the same document as web-page I got the same domain (xxx.com), but the content-script url is different (chrome-extension://kfhdkfdhfildfldf/js/app.js). Do this causing the issue.

Can any one please try to explain me why cross-origin issue is occurring though the domains are same across the iframes.

Answer 1

As I said in the question, my requirement is to inject scripts in to each child window(iframes).

If we add "all_frames":true then chrome browser will evaluate content-scripts on each iframe, it solves my requirement. From content script by accessing document object I am injecting the scripts.

For more info: access iframe content from a chrome's extension content script

Note: Still I don't know why I am facing cross-origin issue.