After upgrading Electron from 4.1.4 to 5.0.0, I got this error:
Blocked a frame with origin "file://" from accessing a cross-origin frame. at HTMLIFrameElement.preload (renderer.js:31:78)
I added `webPreferences` to `new BrowserWindow({ webPreferences })` as shown here, but the error still exists.
Here's my index.html
<!-- Shell page of the Electron window: it hosts one iframe for the application and boots renderer.js. -->
<html>
<head>
<meta charset="UTF-8">
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon"/>
</head>
<body>
<!-- The frame's src is data-bound to appUrl. The allow attribute delegates autoplay, geolocation,
     microphone and camera to whatever document that URL serves, so appUrl should only ever point
     at an origin the application trusts. -->
<iframe data-bind="visible: showIframe, attr:{src:appUrl}" allow="autoplay; geolocation; microphone; camera" allowfullscreen></iframe>
</body>
<!-- require() is available here only because main.js creates the window with nodeIntegration: true. -->
<script>
require('./renderer.js');
</script>
</html>
Here's some code from main.js
const {
autoUpdater
} = require('electron-updater');
const platform = require('os').platform();
const electron = require('electron');
const fs = require('fs-extra');
const CronJob = require('cron').CronJob;
const {
app,
BrowserWindow,
Tray,
Menu,
ipcMain
} = electron;
const path = require('path');
const url = require('url');
const {
appConf, uiConf
} = require('./config.json');
// URL delivered through a deep link (only declared in this excerpt).
let deeplinkingUrl;

// Module-level handle on the main window so it can be reached outside createWindow().
let mainWindow = null;

// Window size: the values from config.json win when they are set (truthy),
// otherwise the built-in defaults of 1100 x 650 apply.
let mainWindowWidth = uiConf.width || 1100;
let mainWindowHeight = uiConf.height || 650;

// Build the main window once Electron has finished initialising.
app.on('ready', () => {
  createWindow();
});
/**
 * Create the application's main window, load the bundled index.html into it
 * and open the DevTools.
 *
 * The window stays hidden until 'ready-to-show' fires, and the result is
 * stored in the module-level `mainWindow`.
 */
function createWindow () {
  // NOTE(review): both settings lower the renderer's defences. nodeIntegration
  // exposes require() to the page, and webSecurity: false switches off the
  // same-origin policy, while index.html embeds an iframe whose URL comes from
  // appUrl. Confirm that URL is always a trusted origin, and prefer a preload
  // script over these two flags where the app allows it.
  const webPreferences = {
    nodeIntegration: true,
    webSecurity: false
  };

  const windowOptions = {
    webPreferences,
    minWidth: mainWindowWidth,
    width: mainWindowWidth,
    minHeight: mainWindowHeight,
    height: mainWindowHeight,
    icon: path.join(__dirname, appConf.appIcon),
    title: appConf.appName,
    show: false
  };

  mainWindow = new BrowserWindow(windowOptions);

  // Reveal the window only once its first paint is ready.
  mainWindow.once('ready-to-show', () => mainWindow.show());

  mainWindow.setMenu(null);

  // Point the window at the index.html shipped next to this file.
  const indexPageUrl = url.format({
    pathname: path.join(__dirname, 'index.html'),
    protocol: 'file:',
    slashes: true
  });
  mainWindow.loadURL(indexPageUrl);

  // NOTE(review): DevTools open on every launch; gate this on a development
  // flag before shipping.
  mainWindow.webContents.openDevTools();
}
Here's my renderer.js
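(function () {
  const {
    ipcRenderer,
    shell
  } = require('electron');
  const {
    appConf
  } = require('./config.json');
  const checkInternetConnected = require('check-internet-connected');

  // Schemes the embedded page may ask the OS to open. shell.openExternal()
  // hands the string to the operating system's handler for that scheme, so the
  // list is kept to plain web links; extend it deliberately if more are needed.
  const EXTERNAL_URL_PROTOCOLS = ['http:', 'https:'];

  /*
   * For screenshare
   */
  const appFrame = document.getElementsByTagName('iframe')[0];

  /**
   * Runs on every 'load' of the app frame and writes three properties onto the
   * frame's window: desktopCapturer, electronOpenUrl and deviceType.
   *
   * NOTE(review): this is the line the "Blocked a frame with origin file://"
   * error points at. Writing to contentWindow needs same-origin access to the
   * frame, and it also hands an Electron API to whatever document the frame
   * holds. A preload script or a postMessage request/response protocol avoids
   * both the error and the exposure.
   */
  function preload() {
    const { desktopCapturer } = require('electron');
    const frameWindow = appFrame.contentWindow;
    frameWindow.desktopCapturer = desktopCapturer;
    frameWindow.electronOpenUrl = openUrlElectron;
    frameWindow.deviceType = 'win';
  }
  appFrame.addEventListener('load', preload);

  /**
   * Post a `{ type, data }` message to the app frame.
   *
   * @param {*} type - message discriminator, passed through unchanged
   * @param {*} data - payload, passed through unchanged
   */
  function sendToIFrame(type, data) {
    // NOTE(review): a target origin of "*" delivers the message to whichever
    // document is in the frame at that moment. Pass the frame's expected origin
    // here once it is fixed, and have the receiver check event.origin.
    appFrame.contentWindow.postMessage({
      type: type,
      data: data
    }, "*");
  }

  /**
   * Open a link in the user's default handler on behalf of the embedded page.
   *
   * The value comes from the page inside the iframe, so it is parsed and its
   * scheme checked against EXTERNAL_URL_PROTOCOLS before it reaches
   * shell.openExternal(). Anything else is ignored with a console warning.
   *
   * @param {string} url - absolute URL requested by the embedded page
   */
  function openUrlElectron(url) {
    let parsedUrl;
    try {
      parsedUrl = new URL(url);
    } catch (err) {
      console.warn('openUrlElectron: ignoring a value that is not an absolute URL');
      return;
    }
    if (!EXTERNAL_URL_PROTOCOLS.includes(parsedUrl.protocol)) {
      console.warn('openUrlElectron: ignoring URL with scheme ' + parsedUrl.protocol);
      return;
    }
    shell.openExternal(parsedUrl.href);
  }
  // codes...
  // codes...
  // codes...
})();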
The app works fine now, but I know my desktopCapturer will not work. I think elevating scripts through the iframe's contentWindow caused this issue, but I'm not sure.
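The window.postMessage() method provides a controlled mechanism to securely circumvent this restriction. window.postMessage() safely enables cross-origin communication between Window objects, e.g. between a page and an iframe embedded within it. It is only safe when the sender passes a specific target origin rather than "*" and the receiver checks event.origin before acting on a message.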
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.
This is a known issue that appeared after Chrome 67 enabled the Site Isolation security feature by default, and it shows up in any framework built on a Chromium release that includes it (e.g. Electron 5+).
http://www.chromium.org/Home/chromium-security/site-isolation
When debugging with --disable-web-security, it may also be necessary to disable Site Isolation (using --disable-features=IsolateOrigins,site-per-process) to access cross-origin frames.
Here are some open issues regarding it
https://github.com/electron/electron/issues/18214
https://github.com/cypress-io/cypress/issues/1951
In Electron 5+, until this is resolved, you can add this line before the app's 'ready' event fires:
// Workaround, not a fix: this switch turns off Chromium's site-isolation trials for the
// whole app, so the cross-origin frame is no longer kept apart from the file:// page.
// Prefer messaging the frame (postMessage with an explicit target origin, or a preload
// script) over leaving this switch on in shipped builds.
app.commandLine.appendSwitch('disable-site-isolation-trials');