Open slavap opened 1 month ago
I suspect this is the same issue as https://github.com/dart-lang/sdk/issues/54443.
The general complication is that null-checks violate cross-origin policy as it's a toString
call in JS. This is true for the JS compilers, whereas I believe dart2wasm likely avoids this issue due to how it does its null-checks and then immediately boxes. Using a conditional import could probably also work as a workaround if so.
Fixing this will likely involve a runtime type that dart2js/ddc knows not to call any members on, or providing some other interface that allows users to make cross-origin calls while avoiding null and type-checks in the JS compilers. dart:html
does the latter.
@srujzs Looks like the same problem in devtools was "solved" by disabling dart2js optimizations :-( Also trick with safelyPostMessage() extension is not working.
I am trying to migrate from html package, and figured out that it is impossible to call postMessage() for iframe with content from another domain.
The same code with html package works without any security exceptions.
I'm getting the following error when accessing myIFrame.contentWindow: SecurityError: Failed to read a named property from 'Window': Blocked a frame with origin "http://localhost:51005" from accessing a cross-origin frame.
There is a quite ugly workaround for this issue.
Add to index.html:
Then in Dart:
And the following call works without any errors again: