Blocked a frame with origin JS Error when accessing SharePoint page in another web application

%3CLINGO-SUB%20id%3D%22lingo-sub-1540330%22%20slang%3D%22en-US%22%3EBlocked%20a%20frame%20with%20origin%20JS%20Error%20when%20accessing%20SharePoint%20page%20in%20another%20web%20application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1540330%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%2C%3C%2FP%3E%3CP%3EWe%20have%20two%20web%20applications%20in%20our%20SharePoint%202016%20farm(e.g.%20%3CA%20href%3D%22http%3A%2F%2Fabc%3A40109%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fabc%3A40109%26nbsp%3B%20and%20http%3A%2F%2Fabc%3A50109%3C%2FA%3E).%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EWe%20have%20to%20display%20SharePoint%20Page(e.g.%20%3CA%20href%3D%22http%3A%2F%2Fabc%3A40109(%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fabc%3A40109%2FPages%2FFeedback.aspx)%3C%2FA%3E%20of%20web%20application%20(http%3A%2F%2Fabc%3A40109)%20into%20another%20web%20application%20in%20Modal%20Dialog%20box(which%20renders%20the%20page%20in%20iframe).%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EThe%20page%20is%20display%20correctly%20and%20worked%20as%20expected.%20Moreover%20%2CAllowFraming%20control%20is%20already%20added.%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EWhen%20page%20is%20getting%20open%20and%20looking%20into%20console%20%2C%20it%20is%20showing%20below%20error%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E%3CSTRONG%3Einit.js%3Frev%3DX4eySfc6naagwmlfS0Ythw%253D%253DTAG0%3A1%20Uncaught%20DOMException%3A%20Blocked%20a%20frame%20with%20origin%20%22http%3A%2F%2Fabc%3A40109%22%20from%20accessing%20a%20cross-origin%20frame.%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSTRONG%3Eat%20SPLoggers_module_def%20(http%3A%2F%2Fabc%3A40109%2F_layouts%2F15%2Finit.js%3Frev%3DX4eySfc6naagwmlfS0Ythw%253D%253DTAG0%3A1%3A259782)%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSTRONG%3Eat%20%24_global_init%20(http%3A%2F%2Fabc%3A40109%2F_layouts%2F15%2Finit.js%3Frev%3DX4eySfc6naagwmlfS0Ythw%253D%253DTAG0%3A1%3A42807)%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSTRONG%3Eat%20http%3A%2F%2Fabc%3A40109%2F_layouts%2F15%2Finit.js%3Frev%3DX4eySfc6naagwmlfS0Ythw%253D%253DTAG0%3A1%3A280218%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSTRONG%3ESPLoggers_module_def%20%40%20init.js%3Frev%3DX4eySfc6naagwmlfS0Ythw%253D%253DTAG0%3A1%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSTRONG%3E%24_global_init%20%40%20init.js%3Frev%3DX4eySfc6naagwmlfS0Ythw%253D%253DTAG0%3A1%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CSTRONG%3E(anonymous)%20%40%20init.js%3Frev%3DX4eySfc6naagwmlfS0Ythw%253D%253DTAG0%3A1%3C%2FSTRONG%3E%3CBR%20%2F%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EThe%20code%20line%20in%20init.js%20(%3CSTRONG%3Eif(window.parent!%3Dnull%26amp%3B%26amp%3Btypeof%20window.parent.SP%3D%3D%22object%22%26amp%3B%26amp%3Btypeof%20window.parent.SP.CacheLogger%3D%3D%22object%22%26amp%3B%26amp%3Bwindow.parent.location.protocol%3D%3Dwindow.location.protocol%3C%2FSTRONG%3E)%20is%20trying%20access%20parent%20object.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EWe%20have%20tried%20different%20solutions%20but%20nothing%20worked%20to%20remove%20that%20error.%20Below%20are%20some%20solutions%20we%20tried%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E1.%20Adding%20Custom%20Headers%20like%20X-FrameOptions%20%2C%20Content-Security-Policy%20%2C%26nbsp%3BAccess-Control-Allow-Origin%20etc.%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E2.%20Configured%20URL%20Writing%20.%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E3.%20Setting%26nbsp%3BAllow%20external%20iframes%20in%20Html%20Field%20Security%20options%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EAny%20help%26nbsp%3B%20will%20be%20appreciated.%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EThanks%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EAnkur%20Parmar%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1540330%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
New Contributor

Hi ,

We have two web applications in our SharePoint 2016 farm(e.g. http://abc:40109  and http://abc:50109).

We have to display SharePoint Page(e.g. http://abc:40109/Pages/Feedback.aspx) of web application (http://abc:40109) into another web application in Modal Dialog box(which renders the page in iframe).

The page is display correctly and worked as expected. Moreover ,AllowFraming control is already added. 

When page is getting open and looking into console , it is showing below error 

 

init.js?rev=X4eySfc6naagwmlfS0Ythw%3D%3DTAG0:1 Uncaught DOMException: Blocked a frame with origin "http://abc:40109" from accessing a cross-origin frame.
at SPLoggers_module_def (http://abc:40109/_layouts/15/init.js?rev=X4eySfc6naagwmlfS0Ythw%3D%3DTAG0:1:259782)
at $_global_init (http://abc:40109/_layouts/15/init.js?rev=X4eySfc6naagwmlfS0Ythw%3D%3DTAG0:1:42807)
at http://abc:40109/_layouts/15/init.js?rev=X4eySfc6naagwmlfS0Ythw%3D%3DTAG0:1:280218
SPLoggers_module_def @ init.js?rev=X4eySfc6naagwmlfS0Ythw%3D%3DTAG0:1
$_global_init @ init.js?rev=X4eySfc6naagwmlfS0Ythw%3D%3DTAG0:1
(anonymous) @ init.js?rev=X4eySfc6naagwmlfS0Ythw%3D%3DTAG0:1
 

The code line in init.js (if(window.parent!=null&&typeof window.parent.SP=="object"&&typeof window.parent.SP.CacheLogger=="object"&&window.parent.location.protocol==window.location.protocol) is trying access parent object.  

 

We have tried different solutions but nothing worked to remove that error. Below are some solutions we tried 

 

1. Adding Custom Headers like X-FrameOptions , Content-Security-Policy , Access-Control-Allow-Origin etc.

2. Configured URL Writing .

3. Setting Allow external iframes in Html Field Security options

 

Any help  will be appreciated.

 

Thanks

Ankur Parmar

 

  

0 Replies