我想允许用户输入他们的网址并在 iframe 中浏览。 他们点击确认按钮后,我将从 iframe 中获取浏览的 url。
IFrameElement frame = IFrameElement.as(DOM.createIFrame());
frame.setSrc("http://www.example.com"); //set the url of user enter
VerticalPanel ver = new VerticalPanel();
ver.getElement().appendChild(frame);
// After they click the confirm button, get the url from iframe
Window.alert(frame.getContentDocument().getURL());
但是从 iframe 获取 url 后出现错误
Exception: com.google.gwt.event.shared.UmbrellaException: Exception caught: (SecurityError) : Blocked a frame with origin "http://localhost" from accessing a cross-origin frame.
最佳答案
简而言之:你不应该这样做,你也不能这样做。
<小时/>第一:
某些页面的作者根本不想让他们的页面显示在框架中。例如,尝试使用 Facebook,您将得到:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
还可以检查(使用脚本)页面是否在框架中并“突破”并获取主窗口,http://www.interia.pl/就是一个例子。
因此,有些页面无法在框架中显示。
<小时/>第二:
Simply stated, the SOP states that JavaScript code running on a web page may not interact with any resource not originating from the same web site. The reason this security policy exists is to prevent malicious web coders from creating pages that steal web users’ information or compromise their privacy. While very necessary, this policy also has the side effect of making web developers’ lives difficult.
关于javascript - GWT 阻止来源为 "http://localhost"的框架访问跨来源框架,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47862088/