Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] Uncaught DOMException in a page with a cross-origin iframe #71

Open
pocka opened this issue Jun 19, 2021 · 1 comment
Open

[Bug] Uncaught DOMException in a page with a cross-origin iframe #71

pocka opened this issue Jun 19, 2021 · 1 comment
Labels
bug Something isn't working

Comments

@pocka
Copy link

pocka commented Jun 19, 2021

Describe the bug

storybookjs/addon-designs#108

telejson tries to call toJSON on a cross-origin object then a browser throws an Uncaught DOMException.

This mostly happens when you set action from @storybook/addon-actions to callbacks that pass native Events as a payload, and the page (frame) includes a cross-origin iframe. See the above issue for the context.

Steps to reproduce the behavior

  1. Setup Storybook for React with Actions Addon
  2. Write a story
    import { action } from "@storybook/addon-actions"
    
    export default { title: "Test/CrossOriginObject" }
    
    export const Sample = () => (
      <div>
        <iframe src="https://wikipedia.org" />
        <button onClick={action('onClick')}>Button</button>
      </div>
    )
  3. Click the "Button"
  4. See the error in the browser console

Expected behavior

No errors. Serializing to something like HTMLIFrameElement or <CrossOriginObject> would be enough IMO.

Screenshots and/or logs

Error messages.

Chrome

Uncaught DOMException: Blocked a frame with origin "http://localhost:6006" from accessing a cross-origin frame.
    at JSON.stringify (<anonymous>)
    at stringify (http://localhost:6006/vendors~main.iframe.bundle.js:122922:15)
    at PostmsgTransport.send (http://localhost:6006/vendors~main.iframe.bundle.js:13343:77)
    at handler (http://localhost:6006/vendors~main.iframe.bundle.js:13665:28)
    at Channel.emit (http://localhost:6006/vendors~main.iframe.bundle.js:13675:9)
    at actionHandler (http://localhost:6006/vendors~main.iframe.bundle.js:5519:13)
    at HTMLUnknownElement.callCallback (http://localhost:6006/vendors~main.iframe.bundle.js:86213:14)
    at Object.invokeGuardedCallbackDev (http://localhost:6006/vendors~main.iframe.bundle.js:86262:16)
    at invokeGuardedCallback (http://localhost:6006/vendors~main.iframe.bundle.js:86317:31)
    at invokeGuardedCallbackAndCatchFirstError (http://localhost:6006/vendors~main.iframe.bundle.js:86331:25)

Firefox (stack trace omitted)

Uncaught DOMException: Permission denied to access property "toJSON" on cross-origin object

Environment

  • OS: macOS
  • Node.js version: v14.11.0
  • NPM version: Yarn v1.22.10
  • Browser (if applicable): Google Chrome, Mozilla Firefox
  • Browser version (if applicable): 91.0.4472.106, 90.0b8
  • Device (if applicable): -

Additional context

A workaround for the Actions Addon with events in an environment with <iframe> is to remove the reference for the window object.

export const Workaround1 = () => (
  <div>
    <iframe src="https://wikipedia.org" />
    <button onClick={() => action('onClick')()}>Button</button>
  </div>
)

// view is a reference for the window (frame?) object
export const Workaround2 = () => (
  <div>
    <iframe src="https://wikipedia.org" />
    <button onClick={ev => action('onClick')({ ...ev, view: null })}>Button</button>
  </div>
)
@nrakochy
Copy link

Any ideas of where the bug might be here? Trying out storybook-addon-designs and seeing this error on the SSO redirect in the add-on

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants