Iframe in Chrome error: Failed to read 'localStorage' from 'Window': Access denied for this document

failed to read the 'localstorage' property from 'window' selenium
failed to read the 'sessionstorage' property from 'window' access is denied for this document
error failed to read the 'localstorage' property from 'window' access is denied for this document
failed to read the caches property from 'window
failed to read the 'localstorage' property from 'window' jitsi
iframe localstorage
chrome iframe localstorage
failed to read the 'localstorage' property from 'window': storage is disabled inside 'data:' urls.

I have a web app which uses localStorage. Now we want to embed this web app on other (third-party) sites via iframe. We want to provide an iframe embed similar to youtube so that other websites can embed our web app in an iframe. Functionally it is the same as if it wouldn't be embedded. But it does not work. Chrome prints the error message:

Uncaught SecurityError: Failed to read the 'localStorage' property from 'Window': Access is denied for this document.

I just do the following check (in the iframe):

if (typeof window.localStorage !== 'undefined') {
    // SETUP SESSION, AUHT, LOCALE, SETTINGS ETC
} else {
    // PROVIDE FEEDBACK TO THE USER
}

I checked my security settings in Chrome like described in another Stackoverflow Thread but it doesn't work. Is there any change to make embedding possible without the need of adjusting (default) security settings of most modern browsers?

To give more information, we use Ember-CLI for our web app and turned on CSP (more info about the Ember-CLI CSP). Could CSP cause our web app to throw security errors?

Under Chrome's Settings > Privacy > Content settings, you have the cookie setting set to to "Block sites from setting any data"

This checkbox is what is causing the exception.

Iframe in Chrome error: Failed to read 'localStorage' from - html, Iframe in Chrome error: Failed to read 'localStorage' from 'Window': Access denied for this document - google-chrome. The contentWindow property returns the Window object of an HTMLIFrameElement. You can use this Window object to access the iframe's document and its internal DOM. This attribute is read-only, but its properties can be manipulated like the global Window object.

According to this

This exception is thrown when the "Block third-party cookies and site data" checkbox is set in Content Settings. To find the setting, open Chrome settings, type "third" in the search box, click the Content Settings button, and view the fourth item under Cookies.

Iframe in Chrome error: Uncaught SecurityError: Failed to read the , Uncaught SecurityError: Failed to read the 'sessionStorage' property from ' Window': Access is denied for this document. No clue how to go further on this when� Stack Overflow Public questions and answers; Teams Private questions and answers for your team; Enterprise Private self-hosted questions and answers for your enterprise; Jobs Programming and related technical career opportunities

On the following URL: chrome://settings/content/cookies uncheck "Block third-party cookies".

Failed to read 'localStorage' from 'Window': Access denied for this , Iframe in Chrome error: Failed to read 'localStorage' from 'Window': Access denied for this document. tschoartschi; 2015-05-27 11:45; 9. I have a web app which� This seems to be broken in chrome 30.0.1599.101 - any attempts to use code, variables, etc are still from the parent context after choosing an iframe – Kevin Nov 14 '13 at 0:55 3 The interface has changed in version 33.

A more secure way of doing this in Chrome would be to allow only the site(s) that you trust:

Chrome
  -> "Settings"
    -> "Show advanced settings..."
      -> "Privacy"
        -> "Content settings..."
          -> "Manage exceptions..."
            -> (add a pattern such as [*.]microsoft.com)
            -> be sure to hit enter
            -> "Done"
          -> "Done"

iframe cookie doesn't work, I can't login on iframe. How can I fix this? I set the Secure true and SameSite. Is it chrome bug� You can read more about cross-origin access in the chapter Fetch: Cross-Origin Requests. It describes the fetch method for network requests, but the policy is exactly the same. Such thing as “cookies” is out of our current scope, but you can read about them in the chapter Cookies, document.cookie .

localStorage is per domain, per protocol. If you are trying to access localStorage from a standalone file, i.e. with file:/// protocol, there is no domain per se. Hence browsers currently would complain that your document does not have access to localStorage. If you put your file in a web server (e.g. deploy in Tomcat) and access it from localhost, you will be able to access localStorage.

document.cookie is not working with iframe, Windows 10, Chrome , Reported the same to Chromium project: https://bugs.chromium.org/p/chromium/ issues/detail?id=1062162. Later, found out that it is expected� About Monorail User Guide Release Notes Feedback on Monorail Terms Privacy User Guide Release Notes Feedback on Monorail Terms Privacy

localStorage in iframe stopped working with latest Chrome! : gamedev, The error say: Uncaught DOMException: Failed to read the 'localStorage' property from 'Window': Access is denied for this document. Other thing that broke is� Fix Videos in Website Not Playing in Chrome. The other day I was tinkering with various settings in the Chrome browser. I didn’t have a reason to start turning things on and off other than I was

Iframe in Chrome error: Failed to read 'localS, Iframe in Chrome error: Failed to read 'localS. Bombasti 关注. 发布时间:2020-05- 29 15:46. I have a web app which uses localStorage. Now we want to embed� Definition and Usage. The contentDocument property returns the Document object generated by a frame or iframe element. This property can be used in the host window to access the Document object that belongs to a frame or iframe element.

What Is Mixed Content? | Web Fundamentals, Chrome blocks the insecure script. type of dangerous content by default and display an error in the JavaScript console. var jsonData = JSON.parse(request. Active mixed content includes scripts, stylesheets, iframes, flash resources, and � window.top.postMessage(`ERROR> failed to find object`, '*'); return; // now reader_obj is a reference to the Object, object_prop_taidx is the index of its first inline property from the beginning of tarray

Comments
  • your title mentions an iframe? is something in the iframe trying to access the local storage? that sounds like it could trigger a security warning?
  • @Grapho: I rephrased my initial question. We just want to provide other websites the possibility to embed our web app via iframe. So the window.localStorage call is in our web app code and therefore in the iframe. We don't want to do any fancy cross domain thing. Just make our web app available via iframe. Hope this clarifies the problem.
  • if the web app uses local storage, then running it in an iframe will cause a cross-domain issue, because Window is global... it will be trying to access the local client's window.localstorage.. remember locastorage is a client browser thing.. not a hosted/server thing.. your app has no knowledge if it is being served from anywhere
  • not with localStorage. if you want to only store things on your domain, you will need a back-end to persist data to... utilizing ember-data or such.
  • I haven't had time to investigate into this issue more. I just tried it again and didn't embed the iframe in a html file which is serve from file-system. Instead I used a file served from a webserver. Magically everything works now (tested in Chrome, Firefox, IE11 and Safari). Maybe I explained my question not in the right way, but it seems to work as I expected when I first tried it.
  • if it's not default, it's mostly unusable, because users won't change settings to use some website.
  • It is not about the "Block sites from setting any data" option but rather: "Block third-party cookies and site data" setting which doesn't make most sites unusable, but cuts off most of the your-searches-related adverts
  • Seems quite unreasonable to expect visitors to adjust their settings for this. And I'm sure there has to be a better solution. I run into this problem trying to use the Youtube API on a site. Youtube works fine on other sites without changing any settings. There must be a better solution, or Youtube wouldn't work on other sites.
  • somehow the site was block in the content settings I might have had done it before. After remove the site from the blocking list it works just fine for me.
  • my self I had the issue with an iFrame today inside a website .. hence your answer is missing something :/ still reading about it I'll let you know if I find anything.
  • if I read comment on the question it makes complete sense : if the web app uses local storage, then running it in an iframe will cause a cross-domain issue, because Window is global... it will be trying to access the local client's window.localstorage.. remember locastorage is a client browser thing.. not a hosted/server thing.. your app has no knowledge if it is being served from anywhere
  • As I pointed out in a comment before, everything works as expected after I embedded the iframe in a file which is served from a webserver instead from file system. So everything works fine. Maybe I just phrased my question wrongly. But thanks for all the comments and explanations. If someone is interested in more details, just ask :)
  • I am facing a similar problem. Can you let me know how you solved it?
  • same problem here, thinking about cookies.. :/