问题描述
我有一个iframe FB应用程序。我们有三个地方开发它:我的本地主机,我们测试应用程序的服务器,生产服务器。本地主机和生产有HTTPS。本地主机和舞台应用程序启用了沙箱模式。所有版本的应用程序是相同的,代码是一样的。除了HTTPS之外,舞台和制作完全相同的服务器机器具有相同的设置。现在,只有在我的舞台服务器应用程序 :当我点击jQuery UI对话框应该召唤的东西时,会在Firebug中引发以下错误:拒绝访问属性Arbiter的权限。那么不会召唤对话。它以某种方式动态加载了canvas_proxy.php,在此代码中:
/ **
*解析片段,调用Arbiter.inform(method,params)
*
* @author ptarjan
* /
函数doFragmentSend(){
var
location = window。 location.toString(),
fragment = location.substr(location.indexOf('#')+ 1),
params = {},
parts = fragment.split('& '),
i,
pair;
lowerPageDomain(); (i = 0; i< parts.length; i ++){
pair = parts [i] .split('=',2);
params [decodeURIComponent(pair [0])] = decodeURIComponent(pair [1]);
}
var p = params.relation? resolveRelation(params.relation):parent.parent;
//用户不在框架内(可能在自己的域上测试)
if(p == parent ||!p.Arbiter ||!p.JSON){
返回;
}
p.Arbiter.inform(
'Connect.Unsafe。'+ params.method,
p.JSON.parse(params.params),
getBehavior(p,params.behavior));
}
行 if(p == parent || !p.Arbiter ||!p.JSON){引发它。链接JS API的脚本代码如下所示:
< script src =https://connect.facebook.net /en_US/all.js#appId=APPID\"></script>
有人有任何线索为什么会发生这种情况吗?我发现和,但这些问题似乎对我没有帮助(或者我只是不要这样)可能是因为HTTPS?为什么前天工作?我绝望:每当你有一个权限被拒绝的消息,你正在处理帧或iframe时,它就是一个文档(
域名问题,一个文件属于域x,另一个属于域y,并注意到www.domain.com和domain.com不是相同的文件域!
当您从另一个框架文档中点击DOM时(无论是为了更改页面元素的值还是简单地读取一些隐藏变量或URL的值),您将获得一个权限被拒绝除非两个框架的文档都是从相同/相同的域提供的。
所以,如果一个框架属于www.mydomain.com,另一个框架恰好是mydomain。 com或www.someotherdomain.com,你会得到那个血腥的许可被拒绝的错误。
而且没有办法,如果有的话,身份盗用问题会有无时无刻不在。
I have an iframe FB app. We have three places where we develop it: My localhost, stage server where we test the app, production server. Localhost and production have HTTPS. Localhost and stage apps have sandbox mode enabled. All versions of app are identical, code is the same. Stage and production are totally the same server machine with the same settings except of the HTTPS.
Now what is happening only at my stage server app: When I click on something where jQuery UI dialog should be summoned, it raises following error in my Firebug: Permission denied to access property 'Arbiter'. No dialog is summoned then. It's raised in somehow dynamically loaded canvas_proxy.php, within this code:
/**
* Parses the fragment and calls Arbiter.inform(method, params)
*
* @author ptarjan
*/
function doFragmentSend() {
var
location = window.location.toString(),
fragment = location.substr(location.indexOf('#') + 1),
params = {},
parts = fragment.split('&'),
i,
pair;
lowerPageDomain();
for (i=0; i<parts.length; i++) {
pair = parts[i].split('=', 2);
params[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]);
}
var p = params.relation ? resolveRelation(params.relation) : parent.parent;
// The user is not inside a frame (probably testing on their own domain)
if (p == parent || !p.Arbiter || !p.JSON) {
return;
}
p.Arbiter.inform(
'Connect.Unsafe.'+params.method,
p.JSON.parse(params.params),
getBehavior(p, params.behavior));
}
The line if (p == parent || !p.Arbiter || !p.JSON) { raises it. My script code linking the JS API looks like this:
<script src="https://connect.facebook.net/en_US/all.js#appId=APPID"></script>
Have anyone any clue why this could be happening? I found this and this, but these issues doesn't seem to be helpful to me (or I just don't get it). Could it be because of the HTTPS? Why it worked the day before yesterday? I am desperate :-(
whenever you have a permission denied message and you are dealing with frames or iframes, it's a document domain issue. One document belongs to domain x and the other is domain y. And notice that www.domain.com and domain.com are not the same document domains!
When you are tapping into the DOM of one framed document from another one, (whether it is for the purpose of changing the values of a page element or simply reading the values of some hidden variable or url etc), you will get a permission denied message unless both framed documents are served from the same/identical domains.
So, if one frame belongs to www.mydomain.com and the other happens to be just mydomain.com or www.someotherdomain.com, you get that bloody permission denied error.
And there is no way around it. And If there were, the identity theft problem would have sky-rocketed in no time.
这篇关于许可被拒绝访问财产“仲裁者”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!