3

I know iterations of this question have been answered a lot, but I couldn't find a valid answer among them.


I have an iframe and I want to play with it using JavaScript to test stuff. It's for personal testing only, I don't want it public.

I want a browser that allows me to do this without getting "Uncaught DOMException: Blocked a frame with origin X from accessing a cross-origin frame."

I've tried:

  • to open Chrome with `"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir=~/chromeTemp`
  • to disable all security in Firefox
  • to install CORS disabling plugins.

For some reason, the browsers still throw that error.

I know I can write a script in another environment like Node to load and manipulate the page, but I want to do it in a browser.

So is there a browser that has no cross-domain security, or no security at all, but supports HTML5 for test purposes?

Nertan Lucian
  • It's not that you need a special browser, all you need is a web server. Basic Apache is enough here, or a similar solution for static pages. Once `localhost` is serving both your main page and the iframe's page, the error will be gone. –  Nov 09 '20 at 22:26
  • How exactly are you using the iframe to "test stuff"? – Taplar Nov 09 '20 at 22:53
  • @ChrisG Not if the other server is remote – Nertan Lucian Nov 11 '20 at 15:54
  • @Taplar I don't know why this is relevant to the answer, but it's way faster personally to automate stuff with JavaScript than relying on Selenium or others, and I can do it online. Are there other better solutions? Maybe, but I'm interested in this – Nertan Lucian Nov 11 '20 at 16:00
  • The relevance is that you are trying to circumvent CORS. And *test stuff* can mean different things, from running functional tests against an existing site, or for testing code such as how https://jsfiddle.net uses iframes to segregate their different inputs and the computed output. If the goal is to do something similar to what jsfiddle does, then the discussion turns to focusing on how to create empty iframes and inject logic into them, which does not have any CORS issues. – Taplar Nov 11 '20 at 16:03
  • @Taplar I see. No, the iframes have no postMessage interfacing, and I don't want them to have that layer. I'm looking to control an iframe with JavaScript for personal use, bypassing CORS, not for a public solution – Nertan Lucian Nov 11 '20 at 16:07
  • True, but that means you're essentially looking for software, which means this question is OT –  Nov 11 '20 at 16:31
  • 1
    @ChrisG off topic how? All coding / testing is done in a "software" unless you use assembly. I'm looking for a solution related to a code issue, not a specific software. Maybe there's a way to disable CORS in any modern browser. The second most upvoted question is about Git which is software: https://stackoverflow.com/questions/927358/how-do-i-undo-the-most-recent-local-commits-in-git. Why do we even have this nitpicking? – Nertan Lucian Nov 11 '20 at 16:42
  • Since we are already nitpicking: asking how to do something specific with git is fine, and different from asking people for recommendations for software solutions, which is off topic. The close reason is called `Seeking recommendations for books, tools, software libraries, and more`, which imo fits this question. You'll note that I haven't flagged it as such though. –  Nov 11 '20 at 16:46
  • @ChrisG is there a better fit community for this? I will move the question there – Nertan Lucian Nov 11 '20 at 16:48
  • I don't think so; my advice would be to use Selenium. It's going to be way faster to write a bunch of Selenium lines than looking for an insecure browser to learn how to do something that has no practical value anyway :) –  Nov 11 '20 at 18:04

1 Answer

3

In recent versions of Chrome (77+), in addition to `--disable-web-security`, you have to add the `--disable-site-isolation-trials` flag to access cross-origin frames.

The command line to start Chrome will be something like

```
chrome.exe --disable-web-security --user-data-dir="C:\Users\Administrator\chrome-profile" --disable-site-isolation-trials
```

Source: https://www.chromium.org/Home/chromium-security/site-isolation

Extreme Coders
  • It already doesn't work. Do any other solutions exist? Maybe some custom browser version which doesn't have any security policies at all? – MrModest Dec 12 '21 at 10:25
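
The check behind the error in the question, as an added example that is not part of the question, the answer or any comment: it models the same-origin comparison (scheme, host, port) a browser makes before a parent page may script an iframe, and shows why serving both pages from `localhost` or using an empty iframe avoids the exception while a remote frame does not. `sameOriginAccess` and all sample URLs are hypothetical, constructed for illustration.

```javascript
// Added illustration: models the same-origin comparison a browser makes
// before script in a parent page may touch iframe.contentWindow.document.
// sameOriginAccess() is a hypothetical helper, not a browser API.
function sameOriginAccess(parentUrl, frameUrl) {
  const parent = new URL(parentUrl);

  // about:blank and srcdoc frames inherit the origin of the page that
  // created them, so empty iframes filled by script never hit the error.
  if (frameUrl === 'about:blank' || frameUrl === 'about:srcdoc') {
    return { allowed: true, reason: 'frame inherits ' + parent.origin };
  }

  const frame = new URL(frameUrl);

  // URL.origin serialises scheme + host + port (default ports dropped).
  // Opaque origins (file:, data:) serialise to "null" and match nothing,
  // not even each other.
  if (parent.origin === 'null' || frame.origin === 'null') {
    return { allowed: false, reason: 'opaque origin is never same-origin' };
  }
  if (parent.origin === frame.origin) {
    return { allowed: true, reason: 'same origin ' + parent.origin };
  }
  return {
    allowed: false,
    reason: 'Blocked a frame with origin "' + parent.origin +
            '" from accessing a cross-origin frame.',
  };
}

// Constructed sample pairs (all URLs are placeholders).
const samples = [
  ['http://localhost/index.html', 'http://localhost:80/frame.html'],
  ['http://localhost/index.html', 'http://localhost:8080/frame.html'],
  ['http://localhost/index.html', 'https://remote.example/page'],
  ['file:///C:/test/index.html', 'file:///C:/test/frame.html'],
  ['http://localhost/index.html', 'about:blank'],
];
for (const [p, f] of samples) {
  const r = sameOriginAccess(p, f);
  console.log((r.allowed ? 'ALLOW ' : 'BLOCK ') + f + '  <- ' + r.reason);
}
```

A different port or scheme on the same host is already a different origin, and two `file:` pages are treated as unrelated here, which is why the first comment suggests a local web server.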