1. 首页
  2. 问答
  3. Javascript安全错误

Javascript安全错误

2017-08-22 40 views
1

所以我用node.js(watch-http-server)创建了一个本地web服务器。当我跑下面时,它完全符合堆栈的片段。然而,问题是当我在我的本地WebJavascript安全错误

的SecurityError上运行它:权限被拒绝跨域对象

$(function(){ 
 
\t alert('load'); 
 
});
body, html{ 
 
\t padding: 0; 
 
\t margin: 0; 
 
\t cursor: default; 
 
\t overflow: hidden; 
 
\t background: url("../res/background.png") no-repeat; 
 
\t background-size: cover; 
 
} 
 
.stream-container{ 
 
\t position: fixed; 
 
\t margin: 0; 
 
\t padding: 0; 
 

 
\t top: 2%; 
 
\t left: 5%; 
 
} 
 
.chat-container{ 
 
\t position: fixed; 
 
\t margin: 0; 
 
\t padding: 0; 
 
\t 
 
\t top: 33%; 
 
\t left: 5%; 
 
}
<!Doctype html> 
 
<html lang="en"> 
 
<head> 
 
<meta charset="utf-8"> 
 

 
<title> Twitch Bot </title> 
 
<meta name="author" content="Author"> 
 

 
\t <link rel="stylesheet" href="../css/styles.css"> 
 
</head> 
 
<body> 
 
    <div class="stream-container"> 
 
\t <iframe id = "stream-frame" src="https://player.twitch.tv/?channel=dyarambo" height="300px" width="30px" frameborder="0" scrolling="no" allowfullscreen="false"></iframe> 
 
    </div> 
 
    <div class="chat-container"> 
 
     <iframe frameborder="0" scrolling="no" id="chat_embed" src="https://www.twitch.tv/lovenpk/chat?darkpopout" height="300px" width="300px"></iframe> 
 
    </div> 
 
    \t 
 

 
    <!-- Javascripts below --> 
 
    <script src="https://code.jquery.com/jquery-3.2.0.min.js"></script> 
 
    <script type="text/javascript" scr="../js/index.js"></script> 
 
</body> 
 

 
</html>

任何想法上访问属性的“href”?

来源

2017-08-22 John Murray

回答

1

cross-origin security policy正在被违反。

的问题存在于你的iframe的用法:

<iframe id = "stream-frame" src="https://player.twitch.tv/?channel=dyarambo" height="300px" width="30px" frameborder="0" scrolling="no" allowfullscreen="false"></iframe>

MDN

Error: Permission denied to access property "x"

There was attempt to access an object for which you have no permission. This is likely an element loaded from a different domain for which you violated the same-origin policy.

由于您的localhost您正在从禁止从服务器服务于不同的域player.twitch.tv访问该服务器上的信息。这是网络内置的浏览器内限制。

此外,您的本地网络应用程序还需要与服务于player.twitch.tv的服务器在同一端口上运行。

来源

2017-08-23 00:08:36

0

MDN cross-origin security policy

Here are some examples of resources which may be embedded cross-origin: Anything with <frame> and <iframe>. A site can use the X-Frame-Options header to prevent this form of cross-origin interaction.

而且我试着在我的电脑测试用服务器的NodeJS监听在localhost:5555,没有引发SecurityError。

来源

2017-08-23 02:42:49 JianJian

相关问题

 相关问题