1. 首頁
  2. 問答
  3. Javascript安全錯誤

Javascript安全錯誤

2017-08-22 62 views
1

所以我用node.js(watch-http-server)創建了一個本地web服務器。當我跑下面時,它完全符合堆棧的片段。然而,問題是當我在我的本地WebJavascript安全錯誤

的SecurityError上運行它:權限被拒絕跨域對象

$(function(){ 
 
\t alert('load'); 
 
});
body, html{ 
 
\t padding: 0; 
 
\t margin: 0; 
 
\t cursor: default; 
 
\t overflow: hidden; 
 
\t background: url("../res/background.png") no-repeat; 
 
\t background-size: cover; 
 
} 
 
.stream-container{ 
 
\t position: fixed; 
 
\t margin: 0; 
 
\t padding: 0; 
 

 
\t top: 2%; 
 
\t left: 5%; 
 
} 
 
.chat-container{ 
 
\t position: fixed; 
 
\t margin: 0; 
 
\t padding: 0; 
 
\t 
 
\t top: 33%; 
 
\t left: 5%; 
 
}
<!Doctype html> 
 
<html lang="en"> 
 
<head> 
 
<meta charset="utf-8"> 
 

 
<title> Twitch Bot </title> 
 
<meta name="author" content="Author"> 
 

 
\t <link rel="stylesheet" href="../css/styles.css"> 
 
</head> 
 
<body> 
 
    <div class="stream-container"> 
 
\t <iframe id = "stream-frame" src="https://player.twitch.tv/?channel=dyarambo" height="300px" width="30px" frameborder="0" scrolling="no" allowfullscreen="false"></iframe> 
 
    </div> 
 
    <div class="chat-container"> 
 
     <iframe frameborder="0" scrolling="no" id="chat_embed" src="https://www.twitch.tv/lovenpk/chat?darkpopout" height="300px" width="300px"></iframe> 
 
    </div> 
 
    \t 
 

 
    <!-- Javascripts below --> 
 
    <script src="https://code.jquery.com/jquery-3.2.0.min.js"></script> 
 
    <script type="text/javascript" scr="../js/index.js"></script> 
 
</body> 
 

 
</html>

任何想法上訪問屬性的「href」?

來源

2017-08-22 John Murray

回答

1

cross-origin security policy正在被違反。

的問題存在於你的iframe的用法:

<iframe id = "stream-frame" src="https://player.twitch.tv/?channel=dyarambo" height="300px" width="30px" frameborder="0" scrolling="no" allowfullscreen="false"></iframe>

MDN

Error: Permission denied to access property "x"

There was attempt to access an object for which you have no permission. This is likely an element loaded from a different domain for which you violated the same-origin policy.

由於您的localhost您正在從禁止從服務器服務於不同的域player.twitch.tv訪問該服務器上的信息。這是網絡內置的瀏覽器內限制。

此外,您的本地網絡應用程序還需要與服務於player.twitch.tv的服務器在同一端口上運行。

來源

2017-08-23 00:08:36

0

MDN cross-origin security policy

Here are some examples of resources which may be embedded cross-origin: Anything with <frame> and <iframe>. A site can use the X-Frame-Options header to prevent this form of cross-origin interaction.

而且我試着在我的電腦測試用服務器的NodeJS監聽在localhost:5555,沒有引發SecurityError。

來源

2017-08-23 02:42:49 JianJian

相關問題

 相關問題