{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 冷血范 的问题《How to solve Blocked a frame with origin from acce》','https://www.manongdao.com/q-769535.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
This question already has an answer here:
- Cross domain iframe issue 4 answers
I am working on a WordPress website in which there are a lot of wordpress plugins installed.
The plugins installed on the wordpress website has the following options:
When I click on View details option, I am getting the blank screen as shown below in an image but when I open in a new window or tab, it works.
On checking console, I am getting the following error (when clicking on View Details fails to open on the same page):
Blocked a frame with origin from accessing a cross-origin frame.
at Contents
at Function.map
at a.fn.init.n.fn.(anonymous function) [as contents]
and many other places.
Problem Statement:
I am wondering which file I need to modify in wordpress in order to solve this error. This error seems to exist in every wordpress plugins. It works in a new tab or window but fails to work in the same page.
This issue can be from video iframe. Which can be in widget or anywhere you used. Did you added any video iframe from any channel which has any privacy or restriction.
If it's for particular plugin use case then please take a look around where you used or check plugin code or plugin issues if it has any issue then apply patch for that ?
The browser is blocking the new frame due to an HTTP security header. There are few relevant security headers and you can get the details here: https://www.dionach.com/blog/an-overview-of-http-security-headers
Most likely, that one of the WordPress security plugins is injecting this header.
In rare cases, the web server itself was configured to inject those headers.
I suggest to search through the settings of all active security plugins to find where the "Same Origin Policy" is forced on admin screens.
If you can't find the setting directly, then disable the plugins one-by-one, till the issue is resolved. Of-course, there is a plugin to disable plugins for you only (without affecting any other user): https://wordpress.org/plugins/health-check/