I am working on setting iframe and stuck with local testing. I have my app running on localhost:3000
I have setup Iframe in my app with src url set to localhost:1234 for local testing. I was hoping accessing via local host would resolve the cross origin error but looks like since port numbers are different, this doesn't seem to work
SecurityError: Blocked a frame with origin "http://localhost:3000" from accessing a cross-origin frame.
I have looked into various stack overflow posts and tried disabling chrome web security, even then this doesn't seem to let me do some local testing.
Any suggestions on how to prevent the cross origin error in this case?
Thanks!
CodePudding user response:
I was able to do local testing via Safari following the steps here:
Safari -> Preferences -> Advanced
then at the bottom tick Show Develop Menu in menu bar
then in the Develop Menu tick Disable Cross-Origin Restrictions
CodePudding user response:
Your app (the backend) should send a CORS header (from localhost:3000
if I understand correctly). A different port (just like a different hostname) counts as a different origin, so the same origin policy applies to requests, and you have to explicitly enable cross-origin requests.
The way to do so is your "backend" must send
Access-Control-Allow-Origin: localhost:1234
if that's where your frontend app is running. For development, you can also send
Access-Control-Allow-Origin: *
Don't do this in later stages of your pipeline and especially not in production as you might open your app to further vulnerabilities (CSRF).
If your frontend app uses cookies to authenticate cross-origin, the backend must also send Access-Control-Allow-Credentials: true
, and your frontend javascript must add withCredentials: true
to the request. However, it doesn't sound like this is the case for you.