[Problem/Bug]: Not able to disable web security to access cross origin frame #5299
Description
What happened?
My index.html has iframe , that points to my locally hosted app eg: https://localhost/app1 or it can be any website with different origin
when i try to access the content of the iframe in devtool console like this ;- iframe.contentWindow.document
i have the following error
Uncaught SecurityError: Failed to read a named property 'document' from 'Window': Blocked a frame with origin "https://app/" from accessing a cross-origin frame.
My end goal is to run script inside the iframe and have playwright testcases executed on them , to execute the test i need to get the frame but couldnt
Importance
Moderate. My app's user experience is affected, but still usable.
Runtime Channel
Stable release (WebView2 Runtime)
Runtime Version
138.0.3351.77
SDK Version
1.0.3351.48
Framework
WPF
Operating System
Windows 11
OS Version
22631.5472
Repro steps
Create a demo webview2 app using wpf
Point it towards a index.html that has iframe pointing towards different origins
use SetVirtualHostNameToFolderMapping to map index.html to https://app/index.html
open webview2's devtools
in inspect select iframe and in console type the following
$0.contentWindow.document
I am using These option to start my webview2 instance
var options = new CoreWebView2EnvironmentOptions
{
AdditionalBrowserArguments =
$"--disable-web-security " +
$"--allow-insecure-localhost " +
$"--disable-features=IsolateOrigins,site-per-process " +
$"--remote-debugging-port={port}"
};
I have a index.html file which i virtually host as follow to webview2
private async Task CreateWebView()
{
myMainWebView = await myWebViewFactory(myUserDataFolder, true, null, 0, 0);
var applicationFolderPath = 'path-to-my-html-directory';
var applicationPath = applicationFolderPath + "/" + "index.html";
(myMainWebView as UXWebView2)?.CoreWebView2.SetVirtualHostNameToFolderMapping(
"app",
applicationFolderPath,
CoreWebView2HostResourceAccessKind.Allow
);
myMainWebView.Navigate("https://app/index.html");
}
this index.html has iframe , that point to my locally hosted app eg: https://localhost/app1 or it can be any website
now when i try to access the content of the iframe in devtool console like this ;- iframe.contentWindow.document
i have the following error
Uncaught SecurityError: Failed to read a named property 'document' from 'Window': Blocked a frame with origin "https://app/" from accessing a cross-origin frame.
My end goal is to run script inside the iframe and have playwright testcases executed on them , to execute the test i need to get the frame but couldnt
Repros in Edge Browser
No, issue does not reproduce in the corresponding Edge version
Regression
No, this never worked
Last working version (if regression)
No response