electron: Blocked a frame with origin "file://" from accessing a cross-origin frame
Issue Details
- Electron Version:
- 5.0.4+, 6.0.0+
- Operating System:
- MacOS 10.14.6, Win 7, Win 10
- Last Known Working Electron version:
- 5.0.3
Expected Behavior
When I use native chrome window.open function, I’d like to have windows communication way using window.opener.
Actual Behavior
When I try to access data stored in parent window, I got security error:
Uncaught DOMException: Blocked a frame with origin "file://" from accessing a cross-origin frame.
No matter both windows origin is ‘file:’.
To Reproduce
Sample in attachments To reproduce:
npm i
npm start
Reload document (cmd+R) Click “New child window” Observe child window console
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Reactions: 13
- Comments: 18 (3 by maintainers)
If somebody is looking for workaround, I found a solution:
protocol.interceptFileProtocolallows to interceptfile://as well. So if you have a window /project/index.html and you need to load /project/child.html usingwindow.open, do the following:load /project/index.html#child, so it will be interpreted as the same origin
replace index.html#child with child.html in main process:
use the electron protocol.registerSchemesAsPrivileged. eg: customFileProtocol app://. It’s can be solved.
https://www.electronjs.org/docs/latest/api/protocol#protocolregisterschemesasprivilegedcustomschemes
eg: https://nklayman.github.io/vue-cli-plugin-electron-builder/ It.s use protocol.registerSchemesAsPrivileged
Unique
file://URLs are all considered on different origins for security reasons, this is the same behavior as a browser