Unsafe JavaScript attempt to access frame with URL

I am getting the below error when I try to set a hash value to the parent url from iframe which contains another domain url:

Unsafe JavaScript attempt to access frame with URL "URL1" from frame with URL "URL2". Domains, protocols and ports must match.

How can I fix this problem?



From a child document of different origin you are not allowed access to the top window's location.hash property, but you are allowed to set the location property itself.

This means that given that the top window's location is http://example.com/page/, instead of doing

parent.location.hash = "#foobar";

you do need to know the parent's location and do

parent.location = "http://example.com/page/#foobar";

Since the resource is not navigated this will work as expected, only changing the hash part of the url.

If you are using this for cross-domain communication, then I would recommend using easyXDM instead.


Crossframe-Scripting is not possible when the two frames have different domains -> Security.

See this: http://javascript.about.com/od/reference/a/frame3.htm

Now to answer your question: there is no solution or work around, you simply should check your website-design why there must be two frames from different domains that changes the url of the other one.


A solution could be to use a local file which retrieves the remote content


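<?php
// remoteInclude.php: fetch the remote page server-side and echo it back from the local domain.
// $url is taken from the query string as-is, with no validation.
$url = $_GET['url'];
$contents = file_get_contents($url);
echo $contents;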


<iframe frameborder="1" id="frametest" src="/remoteInclude.php?url=REMOTE_URL_HERE"></iframe>

$("#frametest").load(function () {
    // The iframe content is now served from the local domain, so it can be read
    var contents = $("#frametest").contents();
});


The problem is even if you create a proxy or load the content and inject it as if it's local, any scripts that that content defines will be loaded from the other domain and cause cross-domain problems.


I was getting the same error message when I tried to change the domain for iframe.src.

For me, the answer was to change the iframe.src to a url on the SAME domain, but which was actually an html re-direct page to the desired domain. The other domain then showed up in my iframe without any errors.

Worked like a charm. :)


I found that using the XFBML version of the Facebook like button instead of the HTML5 version fixed this problem. Add the below code where you want the button to appear:

<div id="fb-root"></div>
<script>(function (d, s, id) {
    var js, fjs = d.getElementsByTagName(s)[0];
    if (d.getElementById(id)) return;
    js = d.createElement(s); js.id = id;
    js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1";
    fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>

<fb:like send="true" layout="button_count" width="50" show_faces="false" font="arial"></fb:like>

Then add this to your HTML tag:


Read something about Javascript access security here:

Specifically about implementing Vimeo and JavaScript unsafe access, I found this on a discussion on the Vimeo forums:

If you're using a webkit browser (Safari or Chrome) that error is actually coming from the Webkit Inspector trying to access the iframe (the Webkit Inspector is actually written in HTML and Javascript).

The thing to make sure is that you can't call any of the api or addEvent methods on the iframe until the player has finished loading. As per the example, you need to add the "onLoad" event first and then execute your code inside of that handler.

And second, I checked the link you provided, and it loads fast and fine for me, so it is definitely not the reason why you keep having this page loading for a long time.


Chrome doesn't allow you to do that. Code from an iframe cannot access parent code.


First, check that both pages are being referenced using the SRC attr of the iframe in exactly the same way, I mean:


because it is possible that, even if they are running on the same machine, one of those iframes is called like:


and the other:


or any other combination.

You can check it by inspecting the code with the Developer tools in all modern browsers.

Chrome allows you to call parent's function if they are in the same domain (I do it every day), so there shouldn't be any problem.

I use this function to access children iFrames:

var getIframe = function (id) {
    // Firefox: use the element's contentWindow; other browsers: look the frame up in window.frames
    if ($.browser.mozilla) return document.getElementById(id).contentWindow;
    return window.frames[id];
};

and just "parent.yourParentFunction()" when you want to access a function in the parent.

Check that the parent's function is assigned to the Window object (global namespace)

Good luck with that :-)


The parent frame may have set a document.domain value different from "samedomain". Update the document.domain property in the iframe js to the value set in the parent frame and it should work.
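
The comparison behind the error message in the question ("Domains, protocols and ports must match") and the document.domain behaviour mentioned in the last answer, as an added example that is not part of any post on this page. It is a simplified model that runs in Node.js; the URLs, the `{ url, domain }` frame objects and all function names are constructed for illustration.

```javascript
// Added example: models the check behind "Domains, protocols and ports must match".
// URLs and document.domain values used with it are constructed samples.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the (protocol, host, port) tuple the browser compares.
function originOf(url) {
  const u = new URL(url);
  return {
    protocol: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Components that differ between two frame URLs; an empty array means same origin.
function originMismatch(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  return ["protocol", "host", "port"].filter((k) => a[k] !== b[k]);
}

// A frame may only set document.domain to its own host or a parent domain of it.
// (Simplification: the public-suffix restriction is not modelled.)
function canSetDomain(url, domain) {
  const host = originOf(url).host;
  return host === domain || host.endsWith("." + domain);
}

// Script access between two frames. Each argument is { url, domain }, where
// domain is the value the frame's script assigned to document.domain, or
// undefined if it never assigned one.
function canScript(a, b) {
  const setA = a.domain !== undefined;
  const setB = b.domain !== undefined;
  if (!setA && !setB) return originMismatch(a.url, b.url).length === 0;
  if (setA !== setB) return false; // only one side set document.domain: denied
  return (
    canSetDomain(a.url, a.domain) &&
    canSetDomain(b.url, b.domain) &&
    a.domain === b.domain &&
    originOf(a.url).protocol === originOf(b.url).protocol // port is ignored here
  );
}
```

Calling `originMismatch` with the two URLs from the browser's error message shows which component differs, and `canScript` shows why two frames on the same host stop being able to script each other once only one of them has set document.domain.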

