Blog Archive

ExtJs Unsafe JavaScript attempt to access frame with URL

Domains, protocols and ports must match! If you are using iframe and ExtJs you may come across this error. The AJAX request gets processed but when you try to decode the response from the Server its an empty string giving all kinds of errors. Say you were expecting a JSON object in response and it will tell you that it's a invalid JSON string etc. The solution is to set the document.domain Javascript property in the server AJAX response.

Here is an example of Java Servlet doPost() method ...
 //PrintWriter to send the JSON response back
 PrintWriter out = response.getWriter();
   
 //set content type and header attributes
 response.setContentType("text/html");
 response.setHeader("Cache-control", "no-cache, no-store");
 response.setHeader("Pragma", "no-cache");
 response.setHeader("Expires", "-1");
 response.setHeader("Access-Control-Allow-Origin", "*");
 response.setHeader("Access-Control-Allow-Methods", "POST");
 response.setHeader("Access-Control-Allow-Headers", "Content-Type");
 response.setHeader("Access-Control-Max-Age", "86400");
   
 out.println("<html><head><script type=\"text/javascript\">document.domain = \"yourDomain.com\"</script></head><body>");
 JsonObject myObj = new JsonObject();
 myObj.addProperty("success", true);
 out.println(myObj.toString());
 out.println("</body></html>");
 out.close();