All Questions

150
votes
11answers
494252 views

Ways to circumvent the same-origin policy

The same origin policy I wanted to make a community wiki regarding HTML/JS same-origin policies to hopefully help anyone searching for this topic. This is one of the most searched-for topics on SO an...
1650
votes
34answers
2693960 views

Why does my JavaScript get a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error when Postman does not?

I am trying to do authorization using JavaScript by connecting to the RESTful API built in Flask. However, when I make the request, I get the following error: XMLHttpRequest cannot load http://myA...
688
votes
11answers
558206 views

jQuery/JavaScript: accessing contents of an iframe

I would like to manipulate the HTML inside an iframe using jQuery. I thought I'd be able to do this by setting the context of the jQuery function to be the document of the iframe, something like: $(...
269
votes
4answers
447473 views

SecurityError: Blocked a frame with origin from accessing a cross-origin frame

I am loading an <iframe> in my HTML page and trying to access the elements within it using Javascript, but when I try to execute my code, I get the following error: SecurityError: Blocked a fra...
53
votes
4answers
72079 views

Catch error if iframe src fails to load . Error :-"Refused to display 'http://www.google.co.in/' in a frame.."

I am using Knockout.js to bind iframe src tag(This will be configurable with respect to User). Now, if user has configured http://www.google.com (i know it won't load in iframe, thats why i am using...
101
votes
3answers
74611 views

Cross Domain Form POSTing

I've seen articles and posts all over (including SO) on this topic, and the prevailing commentary is that same-origin policy prevents a form POST across domains. The only place I've seen someone sugg...
26
votes
5answers
86505 views

Google Chrome --allow-file-access-from-files disabled for Chrome Beta 8

I have been developing an AJAX application using jQuery and Microsoft Seadragon technology. I need to have access to the html5 canvas function toDataURL. With Google Chrome, the same origin rule appl...
77
votes
5answers
102615 views

Disable firefox same origin policy

I'm developing a local research tool that requires me to turn off Firefox's same origin policy (in terms of script access, I don't really care about cross domain requests). More specifically, I want...
9
votes
2answers
18225 views

Getting around same origin policy in javascript without server side scripts

I have an environment that doesn't allow server side scripting really (it is extremely difficult to get a script "installed" on the server). I tried using an iframe to violate javascript's same origin...
35
votes
3answers
68180 views

Using iframe with local files in Chrome

I am having a tough time figuring out how to access a page loaded in an iframe from the outer page. Both pages are local files, and I'm using Chrome. I have an outer page, and many inner pages. The...

Previous Next