1

I came across this weird bug in the facebook.com page where the AJAX loaded parts (or however you call the technique facebook uses) didn't load (e.g. the chat, the notifications etc.).

When I fired up the developer's console, it gave me this JavaScript error: 

Unsafe JavaScript attempt to access frame with URL 
https://www.facebook.com/ai.php[*] from frame with URL 
https://www.facebook.com/. 
Domains, protocols and ports must match.

*stripped quite a long base64-esque part - I think that's login data so I won't publish that.

I tried googling it and I came across several similar problems, so I dug in some more not to double post, but the other's errors where thrown when they were using the API of facebook via some kind of app. I don't do that, I just use Chrome 20.0.1132.47 (Mac) to visit the facebook.com page.

The error was explained on the other posts as a security measure by Chrome (and apparently Safari, too) to prevent some cookies inside a frame to be saved outside the frame. Preventing XSS and whatnot.

THE POSTS I FOUND:

Facebook gives "Unsafe JavaScript attempt to access frame with URL" error in Chrome

Unsafe JavaScript attempt to access a frame when using secure browsing on Facebook

The channel file and CDN

tl;dr:

facebook call in Chrome 20 (mac) gives error usually only given on js API calles (security measure against xss)

4

1 回答 1

2

This is a common error if the protocols don't match. Make sure that if you are accessing the page using HTTPS, that your code has the correct HTTPS includes for JavaScript / CSS / images etc. Make sure the channel.html file is loaded using HTTPS (or make it protocol independent).

于 2012-07-30T15:23:11.567 回答