SecurityError when accessing an iframe of same origin

[danielschwartz85]

Current behavior:

When getting an iframe of same origin and accessing it's contentDocuemnt this error is thrown:

SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://www.facebook.com" from accessing a cross-origin frame.

(perhaps related to #3685 ?)

Desired behavior:

Not get the error if the iframe is of the same origin

Steps to reproduce:

1. See this repo:
   https://github.com/danielschwartz85/cypress-issue-example
2. Or run:

const url = 'https://www.facebook.com';
const testName = url;

describe('Hello world', () => {
  it('works', () => {
    cy.visit(url);
    cy.document().then(doc => { 
        console.log('Frame url:', doc.getElementById('captcha-recaptcha').src, 'Site url', window.location.href)
        doc.getElementById('captcha-recaptcha').contentDocument // This throws exception
    })
  });
});

Versions

Cypress 3.1.5
Ubuntu 18.04.2 LTS

Thanks.

[jennifer-shehane]

I'm not able to reproduce this behavior with the provided code.

The provided repo - did you not provide the branch this code is on? The master code doesn't look relevant to this issue.

Ran on Mac, Cypress 3.1.5.

Please provide all information pertaining to config, proxy, setup, plugins, etc.

I'm not exactly sure what you are testing, but I see you are getting a 'captcha-recaptcha' element. We do not support testing captcha as it is designed to specifically avoid being automated.

[danielschwartz85]

@jennifer-shehane sorry forgot to push the test file to the repo. (now pushed).

Regarding the config, etc not sure what I can add since I have no proxy, no plugin and using the default cypress config.
(Using electron 61 in UI mode)

Note that this isn't directly related to captcha since I'm just accessing the iframe's contentDocument (this also happens to me in other sites iframes..)

[danielschwartz85]

btw if I open the console in the "Your App" frame and access frame's contentDocument I also get this error.

The wired thing is I'm getting this error when getting the frame with document.getElementById
but when getting the frame with document.getElementsByTagName I'm not getting the error..
Not sure what i'm missing..

[jennifer-shehane]

Ok, I am able to reproduce this in Electron 61 (Chrome 61) - that was the key information missing. This is due to some differences between Chrome 61 and the current version. We're updating Electron in an upcoming version: #4270

You can turn off this error by setting chromeWebSecurity: false in your config. https://on.cypress.io/web-security

[danielschwartz85]

Thanks !

[jennifer-shehane]

Electron has been upgraded to 7.1.10 as of Cypress 3.8.3 and should be resolved without the workaround.