How will i allow requests from other origins in server side(New York) instance?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-30-2019 05:57 AM
This is the error i am getting when i have to make a call to another domain
Uncaught DOMException: Blocked a frame with origin "https://domain" from accessing a cross-origin frame.
at HTMLIFrameElement.<anonymous> (https://dev91262.service-now.com/scripts/sn/concourse/js_includes_concourse.jsx?v=09-24-2019_1701&lp=Sat_Dec_21_12_50_00_PST_2019&c=5_59:26486:29)
at HTMLIFrameElement.dispatch (https://dev91262.service-now.com/scripts/sn/concourse/js_includes_concourse.jsx?v=09-24-2019_1701&lp=Sat_Dec_21_12_50_00_PST_2019&c=5_59:19:7537)
at HTMLIFrameElement.r.handle (https://dev91262.service-now.com/scripts/sn/concourse/js_includes_concourse.jsx?v=09-24-2019_1701&lp=Sat_Dec_21_12_50_00_PST_2019&c=5_59:19:5620)
- Labels:
-
Integrations
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-02-2020 07:16 AM
Sounds like you are getting CORS issues on the other site. The domain you are hitting, needs to allow inbound calls from the current domain. So if you are hitting example.com, then example.com needs to allow dev91262.service-now.com. If you're doing it the other way, you can add CORS rules here in SN;
MDN Docs on CORS https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-10-2023 11:19 PM
This error "Blocked a frame with origin from accessing a cross-origin frame" is not a bug. The same-origin policy is a security mechanism that ensures that window objects only have access to the informations they are authorized to get. To fix this issue, ensure that both the parent page and the iframe content are served from the same domain or implement Cross-Origin Communication techniques such as postMessage to safely communicate and exchange data between the two frames.
The window.postMessage() method provides a controlled mechanism to securely circumvent this Same-Origin Policy restriction. The window.postMessage() safely enables cross-origin communication between Window objects; e.g: between a page and an iframe embedded within it.
postMessage(message, targetOrigin)
postMessage(message, targetOrigin, [transfer])
targetOrigin - specifies what the origin of targetWindow must be for the event to be dispatched, either as the literal string "*" (indicating no preference) or as a URI.
If you don't have control over the content in the iframe, you won't be able to directly access its elements due to security restrictions.
