"Unsafe JavaScript attempt to access frame with URL..." error being continuously generated in Chrome webkit inspector

Chrome (or any other webkit browser) throws a ton of these "Unsafe JavaScript attempt to access frame with URL..." when working with the Facebook API for example.

It doesn't interfere with actual operation, but it does make the javascript console basically unusable.

I'd like to know if there is a way to suppress these errors specifically in the console? Or if there are other solutions you guys can think of, I would really appreciate it.

Thanks.


You could allow cross-domain requests during testing by running chrome with the --disable-web-security command line option. This should probably get rid of the error (and allow FB to spy on your testing ;)


This happens when a source from an different domain is loaded and tries to access the document.cookie. It happens with head sources (script tags) as well with iframe documents which try to access the document.cookie for some reason.


Whats the problem?

Tons of Unsafe JavaScript attempt to access frame with URL... error messages in the Chrome JS console.

As @thechrisproject points out, these errors are caused by many reputable 3rd party api's and widgets, including but not limited to:

  • The Facebook JS SDK
  • Vimeo Iframe Embed
  • Google Maps Iframe Embed

My understanding on the why: (please correct me if I'm wrong)

Chrome has stricter security settings and/or shows more such errors than competing browsers. API/widget/embed authors attempt to do things (cross-domain/frame) that will not work in all browsers (probably for their own reporting/analytics) but that don't actually effect the usuabilty of their widget if it doesn't work (just causes a lot of annoying errors)

Quick Answer

NO, you cannot (just) suppress these errors in the chrome console.

Solutions?

  • Deal with it. These errors do not actually break these 3rd party apis and widgets, they just make the console much more difficult to use
  • you can set the console to log only Warnings, Logs, or Debug messages. This will hide ALL errors.
  • you can use another browser
  • As @Dagg_Nabbit. pointed out, you can allow cross-domain requests by running chrome with the --disable-web-security command line option. More information here: Disable same origin policy in Chrome. Note that this setting will negatively effect the security of your browser. I have 2 chrome shortcuts so I can open it with or without this flag.

Since we can't blame the people from Google for constructing such a safe browser, I think the best solution is to use Facebook's server-side solutions (e.g. PHP SDK), it'll save you a lot, lot, lot, lot, lot of headache. The only advantage I see in using the FB javascript SDK is the popup login which you can do yourself using javascript/jQuery.


These errors can be thrown if, when you register your app with Facebook, you don't have a trailing forward slash in the Site URL field. In other words, you need "http://domain.com/" not "http://domain.com"

You can check the Site URL setting from developers.facebook.com/apps Edit settings -> Basic -> Site URL.