Adobe-CEP / CEP-Resources

Tools and documentation for building Creative Cloud app extensions with CEP
https://www.adobe.io/apis/creativecloud/cep.html

CEP 11: CORS issue "Blocked a frame with origin https://***.com from accessing a cross-origin frame" #386

Open MayaAnusiya opened 3 years ago

MayaAnusiya commented 3 years ago

Hi Team, We have a CEP extension which renders web content inside a frame, and the iframe content also communicates with the panel extension, e.g. top.function() - here top refers to the panel extension. After upgrading to AI25.3.1/CEP 11 we are getting a CORS issue in the console: "Blocked a frame with origin https://***.com from accessing a cross-origin frame".

We tried some of the recommended fixes on GitHub. We have added the following parameters to the manifest.xml:

```xml
<CEFCommandLine>
   <Parameter>--disable-site-isolation-trials</Parameter>
   <Parameter>--disable-features=SameSiteByDefaultCookies,CookiesWithoutSameSiteMustBeSecure</Parameter>
</CEFCommandLine>
```

After adding the above parameters to our manifest.xml we don't see an error in the console, but the iframe content is not able to access the panel extension JS methods.

Any thoughts or suggestions for the communication between iframe content and panel extension JS methods?

sujaisivanandan commented 3 years ago

@MayaAnusiya CORS restrictions in the latest CEF are new web security features that are now enabled. I would recommend that you look at the sites and explicitly allow them to be framed using the Access-Control-Allow-Origin header.

If your issue is related to communication between cross-site iframes, you can also solve this using post messages. Do refer:
https://github.com/Adobe-CEP/CEP-Resources/issues/365
https://github.com/Adobe-CEP/CEP-Resources/issues/364
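
The post-message approach suggested above, as an added example that is not code from this thread or from Adobe: a panel-side `message` handler that replaces direct `top.function()` calls and only serves an allow-listed origin and allow-listed methods. The origin `https://content.example.com`, the `panelApi` methods, the message shape and `PANEL_ORIGIN` are all hypothetical.

```javascript
// Hypothetical origin of the framed web content (assumption, not from the thread).
const ALLOWED_ORIGINS = new Set(['https://content.example.com']);

// Hypothetical panel functions the iframe used to reach through top.*
const panelApi = {
  getSelectionName: () => 'Layer 1',
  setStatus: (text) => `status:${String(text)}`,
};

// Builds a 'message' handler that serves only allow-listed origins and methods.
function createPanelBridge(allowedOrigins, api) {
  return function onMessage(event) {
    // event.origin is set by the browser and cannot be forged by the sender.
    if (!allowedOrigins.has(event.origin)) return 'rejected-origin';
    const msg = event.data;
    if (!msg || typeof msg !== 'object' || typeof msg.method !== 'string') {
      return 'rejected-shape';
    }
    // Own-property check keeps inherited names such as "constructor" out.
    if (!Object.prototype.hasOwnProperty.call(api, msg.method)) {
      return 'rejected-method';
    }
    const args = Array.isArray(msg.args) ? msg.args : [];
    const result = api[msg.method](...args);
    // Reply only to the sender, pinned to the origin that was just verified.
    event.source.postMessage({ id: msg.id, result }, event.origin);
    return 'handled';
  };
}

const onPanelMessage = createPanelBridge(ALLOWED_ORIGINS, panelApi);

// In the panel document the handler is registered on window.
if (typeof window !== 'undefined' && window.addEventListener) {
  window.addEventListener('message', onPanelMessage);
}

// Iframe side, instead of top.getSelectionName():
//   window.parent.postMessage(
//     { id: 1, method: 'getSelectionName', args: [] }, PANEL_ORIGIN);
// PANEL_ORIGIN is a placeholder for the panel document's origin.
```
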