Drew Lilley Drew Lilley - 1 year ago 66
Javascript Question

Site blocks javascript in Stumbleupon Iframe

I'm trying to add some pages from my site www.drewgl.com to stumbleupon. It is very dependent on javascript. When I view my site through stumbleupon the javascript gets blocked. Specifically, I see the error:

Uncaught SecurityError: Blocked a frame with origin
"http://www.drewgl.com" from accessing a frame with origin
"http://www.stumbleupon.com". Protocols, domains, and ports must match

I'm using rails 4 deployed to heroku. I have my X-frame options set to allow all. I read through the answers here:
SecurityError: Blocked a frame with origin from accessing a cross-origin frame
and it seems as if the only way to get around this issue is to use window.postmessage to send messages between the two pages. To do this, however, you must own both pages.

Of course, this condition cannot be met with Stumbleupon, so how can I get around the issue?

Edit: I just downloaded the stumbleupon toolbar for chrome. After doing this, I no longer get the above error message. Either way I'd still like to fix this problem for stumblers that don't have the toolbar.

Answer Source

Figured it out. If anyone's curious, you're not allowed to access the current path from within an iframe. This chunk of code was causing the issue:

//     if (top.location.pathname === '/users/sign_in')
// {
//     $('#login').modal('show');
// }