smartlook / smartlook-client

Official Smartlook client for easy frontend integration.
https://smartlook.com
MIT License
28 stars 9 forks

On safari, smartlook-client blocks all external scripts when bundled 🐛 #23

Closed andylacko closed 2 years ago

andylacko commented 2 years ago

Blocked a frame with origin XXX from accessing a frame with origin XXX. Protocols, domains, and ports must match

so, for now, disabling smartlook, because it breaks the application

Joozty commented 2 years ago

Hi @andylacko 👋,

thanks for your report. We are aware of this behaviour in Safari and I can assure you it does not break your application. As you may know, our SDK is able to record same-origin iframes. We use a particular function to determine whether the iframe is same-origin or cross-origin. This function is pretty simple: it just checks if contentDocument is defined. If it is not null, it means the iframe is same-origin. Sadly, if you access contentDocument in a cross-origin iframe in Safari, it returns null, which is correct, but it also prints this error in the console, which cannot be caught.

To demonstrate I created an example for you:

// create some cross-origin iframe
const iframe = document.createElement("iframe");
iframe.src = "https://www.youtube.com/embed/S6D7IdAveZE";
iframe.onload = () => {
  console.log(
    "trying to access iframe.contentDocument to determine whether iframe is cross-origin or same-origin"
  );
  try {
    // Safari displays error:
    // Blocked a frame with origin "https://www.wikipedia.org" from accessing a frame with origin "https://www.youtube.com". Protocols, domains, and ports must match.
    iframe.contentDocument;
  } catch (error) {
    console.log("error caught", error);
  }
};
document.body.append(iframe);

Sandbox link.

I am not aware of any better way to detect same/cross-origin. This is just how it is handled by Safari and I am afraid we cannot do much here. 😞

Does that make sense?
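An added example, not part of the thread and not Smartlook's code: a pre-check that compares the (protocol, host, port) tuple named in Safari's message using only the iframe's attributes, so `contentDocument` need not be touched for frames that are clearly cross-origin. The function name `classifyFrame`, the plain-object frame descriptor and the sample values (apart from the YouTube URL quoted above) are assumptions made for illustration.

```javascript
// Added example (not Smartlook's code). `frame` is a plain object holding the
// iframe's attribute values: { src, srcdoc, sandbox }; the shape is an assumption.
// Returns "same-origin", "cross-origin" or "unknown" without touching contentDocument.
function classifyFrame(frame, pageUrl) {
  const page = new URL(pageUrl);

  // A sandbox attribute without allow-same-origin gives the frame an opaque
  // origin, whatever its URL is. sandbox="" is the most restrictive form.
  if (frame.sandbox != null) {
    const tokens = String(frame.sandbox).toLowerCase().split(/\s+/).filter(Boolean);
    if (!tokens.includes("allow-same-origin")) return "cross-origin";
  }

  // srcdoc documents and about:blank inherit the embedding document's origin.
  if (frame.srcdoc != null) return "same-origin";
  const raw = (frame.src || "").trim();
  if (raw === "" || raw === "about:blank") return "same-origin";

  let target;
  try {
    target = new URL(raw, page); // resolves a relative src against the page URL
  } catch {
    return "unknown"; // unparsable src: let the caller decide
  }
  if (target.protocol === "data:") return "cross-origin"; // opaque origin
  if (target.origin === "null") return "unknown"; // e.g. javascript: URLs

  // URL.origin is the (protocol, host, port) tuple with default ports normalised.
  return target.origin === page.origin ? "same-origin" : "cross-origin";
}

// Constructed sample input; the first src is the one from the comment above.
const PAGE = "https://www.wikipedia.org/wiki/Example";
const SAMPLES = [
  { src: "https://www.youtube.com/embed/S6D7IdAveZE" },
  { src: "/static/widget.html" },
  { src: "https://www.wikipedia.org:443/static/widget.html" },
  { src: "http://www.wikipedia.org/static/widget.html" },
  { src: "/static/widget.html", sandbox: "allow-scripts" },
  { srcdoc: "<p>inline</p>" },
];
for (const f of SAMPLES) console.log(JSON.stringify(f), "->", classifyFrame(f, PAGE));
```

The result is derived from attributes only, so a frame that has navigated or been redirected since it was inserted can differ from it. Treat "same-origin" as a hint that still needs the `contentDocument` check and "cross-origin" as a reason to skip that access.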

andylacko commented 2 years ago

@Joozty, thanks for the reply 👌 I understand

When Safari hits, there is not much you can do :)