Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Evaluation failed: DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame. #358

Closed
siddoib opened this issue Sep 14, 2021 · 10 comments
Closed

Evaluation failed: DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame. #358

siddoib opened this issue Sep 14, 2021 · 10 comments

Comments

@siddoib
Copy link

siddoib commented Sep 14, 2021

When running the latest daisy release v 1.2.3 I get the error message Evaluation failed: DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame when a html page contains an iframe.

full details as below:

  • [1.2.3] the version of Ace impacted by the issue (as returned by the ace -v command).
  • [16.9.1] the version of Node used to run Ace (as returned by the node -v command).
  • [Windows_NT 10.0.17763] your operating system and version.
  • [ Ace: the error message
    daisy error log.txt]
  • [n/a] if the issue is about the HTML report: the browser(s) and version(s) you used.
  • [yes, I am happy to provide a sample] if possible, let us know if you can share a sample input file to help us reproduce the issue.

I am able to process the same epub file when using Ace v1.2.2 and below. I am also able to get at least a report when I run Ace v1.2.3 using Electron (ace-electron -V path/to/epub) even though I get the follwoing error messages the processing doesn't stop in constrast to running the default ace -V path/to/epub : electron: Failed to load URL: https://myIframe.com/htmlfile.htnl with error: ERR_BLOCKED_BY_CLIENT
@danielweck
Copy link
Member

Hello, I wonder if this has anything to do with a previous (fixed) bug related to external iframe documents:
#339

I am not sure what could have triggered this bug from v1.2.2 to v1.2.3 !?

So, same request as before: may I please have a copy of your EPUB so I can attempt to reproduce the bug? Thank you :)

@danielweck
Copy link
Member

Ah, I am able to reproduce the bug using 9780197545454_EPUB.epub which you shared with me via the previous bug report.

@danielweck
Copy link
Member

  • ace fails with DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame.
  • ace-electron completes the evaluation but displays non-fatal warnings Failed to load URL: https://domain.com/... with error: ERR_BLOCKED_BY_CLIENT

@siddoib
Copy link
Author

siddoib commented Sep 14, 2021

That's great - I was about to send another sample file. Yes, using the previous sample should trigger this error.

@siddoib
Copy link
Author

siddoib commented Sep 14, 2021

I have come across the following axe-core issue and I am wondering it's not related to these ones. dequelabs/axe-core#3096

@danielweck
Copy link
Member

I fixed this bug via a patch to the DAISY fork of Axe. Both Ace's Electron and Puppeteer Axe "runners" yield identical validation reports, with the following execution time (reminder: external HTTP iframes are skipped / ignored):

./scripts/compareAxeRunners.sh 9780197545454_EPUB.epub

ElectronAxeRunner ...
>>> ACE PERF: 53 seconds + 447820398 nanoseconds
PuppeteerAxeRunner ...
>>> ACE PERF: 68 seconds + 522807222 nanoseconds

@danielweck
Copy link
Member

DAISY Axe fork code reference:
https://github.com/daisy/axe-core/blob/6b68cb184c532c8c7d14b1d00512b3df487d6588/lib/core/base/audit.js#L19-L29

Related API:
https://www.deque.com/axe/core-documentation/api-documentation/#allowedorigins
...introduced in Axe v4.2.0:
https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md#420-2021-04-23

@danielweck
Copy link
Member

Axe's getDefaultOrigin() returns "null" for file:// URLs which are used by Puppeteer (Ace's Electron Axe runner uses an HTTP server internally, thus why the problem doesn't surface in this case).
Because Ace doesn't configure Axe with allowedOrigins, the getDefaultOrigin() value of "null" (which is not falsy, unlike null, obviously) automatically populates the array:
https://github.com/daisy/axe-core/blob/6b68cb184c532c8c7d14b1d00512b3df487d6588/lib/core/base/audit.js#L47-L50
...which causes a crash in window.postMessage(, origin):
https://github.com/daisy/axe-core/blob/6b68cb184c532c8c7d14b1d00512b3df487d6588/lib/core/utils/frame-messenger/post-message.js#L41-L52
=>
Error: Failed to execute 'postMessage' on 'Window': Invalid target origin 'null' in a call to 'postMessage'

danielweck added a commit to daisy/axe-core that referenced this issue Sep 14, 2021
@danielweck
'null' origin fix, see daisy/ace#358 (comment)
327b8c0
@danielweck
Copy link
Member

This should be fixed in Ace 1.2.4, could you please update your local NPM install and confirm?
Thank you very much, and thank you for bringing this to our attention! :)

https://github.com/daisy/ace/releases/tag/v1.2.4

@siddoib
Copy link
Author

siddoib commented Sep 15, 2021

Good morning @danielweck.
lastest version 1.2.4 of Ace tested and no iframes error reported in all my tests. Thank you so much for your help with this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danielweck @siddoib