在主frame,使用
var frame = document.getElementById("login_frame");
console.log('haha2:' + dom.contentWindow);
这种方式访问子frame,存在跨域问题。
那么怎么在chromium里去掉这个检查呢。经过调试,发现仅仅去掉SecurityOrigin::canAccess之类还是不行,
原因是如下堆栈:
blink::V8Window::namedPropertyGetterCustom blink::DOMWindowV8Internal::namedPropertyGetterCallback v8::internal::PropertyCallbackArguments::Call v8::internal::`anonymous namespace'::GetPropertyWithInterceptorInternal v8::internal::JSObject::GetPropertyWithInterceptor v8::internal::Object::GetProperty v8::internal::JSReceiver::GetProperty v8::internal::Object::GetMethod v8::internal::JSReceiver::ToPrimitive v8::internal::Object::ToPrimitive v8::internal::Object::Add v8::internal::BinaryOpIC::Transition
v8::internal::Runtime_BinaryOpIC_Miss
会去取Symbol.toPrimitive,
关键就是这个Object::GetProperty,会调用it->HasAccess()去请求是否有访问权限。
it->HasAccess()里的逻辑是先检查
Context::cast(receiver_context)->security_token() == native_context->security_token()
再检查v8windows里设置的
DOMWindowV8Internal::securityCheck。
所以只要在WindowProxy::setSecurityToken里
把所有SecurityToken都用context->SetSecurityToken
设置成一样的,v8就全都放行了。