Every page of DaniWeb has a Javascript error that says:

Uncaught SecurityError: Blocked a frame with origin "http://www.daniweb.com" from accessing a frame with origin "https://www.facebook.com".  The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match.

I haven't changed anything related to our FB plugins anytime recently, and this is something new. I just started noticing it since upgrading to the newest version of Chrome the other day, so I'm wondering if it's a new security precaution on the browser side?? Regardless, what change do I need to make to fix this? I can't seem to find anything where I'm referencing the https version of the plugin.

Recommended Answers

All 8 Replies


Sorry to bump this but it's been a week with no responses. Should this be in the Javascript forum instead? Is bumping even allowed?

You'll need to serve the daniweb.com in "https" protocol so they can match , no other fix available.

That doesn't make sense to me because most websites are not served using https, and certainly most websites that Facebook intends their widget to be on are not served using https. Therefore, I can't see why they would design the Facebook widget to error out on non-https pages. I'm kinda convinced that there's something wrong with my implementation that I'm telling it to use the https version instead of the http version.

Member Avatar

You said it happens in Chrome, but does it happen in other browsers as well?

Have you tried removing the https: from the frame? And link it just like //connect.facebook.net or whatever plugin is there?
This will force the frame to load using the current page scheme (protocol relative URL).

Dani, did you get this worked out? I'm not seeing this error. I'm using chrome, but I am seeing a couple other FB errors.

Now I'm not seeing it anymore and instead seeing an error, myself, about an invalid Facebook ID?

That's the error I'm seeing. But it looks like when you call FB.init, you're not passing in your app id:

FB.init({channelURL: 'http://www.daniweb.com/js/fb_channel.html',
    status: true, cookie: true, xfbml: true});

There's supposed to be an appId member in the object you're passing to the init function.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.