WordPress.org

Ready to get started?Download WordPress

Forums

Jetpack by WordPress.com
[resolved] JavaScript Errors with the Share This Widget (19 posts)

  1. Strictly Software
    Member
    Posted 9 months ago #

    JavaScript is throwing up 30+ errors due to IFRAME domain protocol errors when showing the Share buttons.

    For example on a site I am using (all http, no SSL) on a page I am using these buttons I get the following errors.

    I don't know if all of these are down to you but I thought I would post them anyway.

    Blocked a frame with origin "http://platform.twitter.com" from accessing a frame with origin "http://www.mywebsite.com". The frame requesting access set "document.domain" to "twitter.com", but the frame being accessed did not. Both must set "document.domain" to the same value to allow access.
    Blocked a frame with origin "https://accounts.google.com" from accessing a frame with origin "http://www.mywebsite.com". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.
    Blocked a frame with origin "http://www.reddit.com" from accessing a frame with origin "http://www.mywebsite.com". Protocols, domains, and ports must match.
    Blocked a frame with origin "http://www.mywebsite.com" from accessing a frame with origin "https://www.facebook.com". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match.
    Blocked a frame with origin "http://www.mywebsite.com" from accessing a frame with origin "https://apis.google.com". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match.
    Blocked a frame with origin "http://www.mywebsite.com" from accessing a frame with origin "http://platform.twitter.com". The frame being accessed set "document.domain" to "twitter.com", but the frame requesting access did not. Both must set "document.domain" to the same value to allow access.
    Blocked a frame with origin "http://www.mywebsite.com" from accessing a frame with origin "http://www.reddit.com". Protocols, domains, and ports must match.
    Blocked a frame with origin "http://www.mywebsite.com" from accessing a frame with origin "https://widgets.wp.com". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match.
    Blocked a frame with origin "https://widgets.wp.com" from accessing a frame with origin "http://www.mywebsite.com". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.
    Blocked a frame with origin "https://www.facebook.com" from accessing a frame with origin "http://www.mywebsite.com". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.
    [blocked] The page at https://www.stumbleupon.com/badge/embed/1/?url=http%3A%2F%2Fwww.mywebsite…oyd%20Williams%E2%80%99%20horses%20dominate%20The%20Metropolitan%20weights ran insecure content from http://cdn.stumble-upon.com/js/badge_su.js?v=20120613.
    http://www.stumbleupon.com/:1
    [blocked] The page at https://www.stumbleupon.com/badge/embed/1/?url=http%3A%2F%2Fwww.mywebsite…oyd%20Williams%E2%80%99%20horses%20dominate%20The%20Metropolitan%20weights ran insecure content from http://cdn.stumble-upon.com/css/badges_su.css?v=20120613.
    http://www.stumbleupon.com/:1
    Blocked a frame with origin "https://www.stumbleupon.com" from accessing a frame with origin "http://www.mywebsite.com". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.
    getValues 1 ta.user.js:7324
    Blocked a frame with origin "https://widgets.getpocket.com" from accessing a frame with origin "http://www.mywebsite.com". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.
    Failed to load resource: the server responded with a status of 502 (BAD_GATEWAY) https://log.pinterest.com/?via=http%3A%2F%2Fwww.mywebsite.com%2F…%2F&guid=8CX0nGmVFguS&type=pidget&callback=PIN_1379320446647.f.callback1
    getValues 1 ta.user.js:7324
    Blocked a frame with origin "https://jetpack.wordpress.com" from accessing a frame with origin "http://www.mywebsite.com". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.
    getValues 1 ta.user.js:7324
    Blocked a frame with origin "https://public-api.wordpress.com" from accessing a frame with origin "https://widgets.wp.com". Protocols, domains, and ports must match.

    Do I need to do something to get these frame issues sorted? I know lots of social media sites are using https now so is it a problem with an http protocol accessing https? I see many pieces of code nowadays that just use // and skip the protocol e.g //facebook or //twitter etc.

    I don't know what the errors are causing to actually go wrong but the "More" drop down popup is a mess with icons not showing properly etc.

    Does the JS code need to be outputted in a certain place in the theme for these errors not to appear? Or is it a case of live with the errors?

    Thanks

    http://wordpress.org/plugins/jetpack/

  2. Richard Archambault
    Happiness Engineer
    Plugin Author

    Posted 9 months ago #

    Hmm, I don't see those errors on my test site. Mind sharing your site's URL so I can have a look? If you want to keep it private, you can send it in to us using our contact form:

    http://jetpack.me/contact-support/

    Thanks!

  3. Strictly Software
    Member
    Posted 9 months ago #

    Hi

    I think I have cracked it.

    I did a compare with other browsers and it was only Chrome that was throwing up these blocked errors. FireFox was fine, even though that is the browser I have with all the plugins.

    I went through all the few plugins I do have on Chrome, thinking it would be something like KB SSL Enforcer or some "force" HTTPS security plugin (even though I disable them for my own sites).

    However I found it was the MaskMe (https://chrome.google.com/webstore/detail/maskme/dpkiidbpeijnaaacjlfnijncdlkicejg) plugin that was causing the issues.

    When I turned it off the only common JS error between Chrome/FF was this, which always appeared first in the console.

    TypeError: document.body is null in
    http://widgets.digg.com/buttons.js (don't know if this is related to your plugin) but I only use Jetpack for the social media icons now whereas I used to use Share This.

    I thought MaskMe was only supposed to protect my passwords and emails. I didn't realise it was doing anything to block site to site access, or anything related to protocol security, but it seems to be doing so for some reason.

    I cannot find anything in the settings to set it to allow http to https frame display. Or anything related to "allowing" this site etc but it seems to be causing the problem.

    Anyway turning this plugin off made all the errors apart from that digg.com one go away.

    Why it is doing this I do not know but I thought I would let you know.

    Thanks

    Rob Reid

  4. Richard Archambault
    Happiness Engineer
    Plugin Author

    Posted 9 months ago #

    Wow, good detective work. Glad you solved it.

    As for the digg.com buttons that doesn't come from Jetpack, it must be another plugin you have installed.

  5. Strictly Software
    Member
    Posted 9 months ago #

    Hi Richard,

    I have checked all my plugins and yours is the only "social media" one I am using that outputs buttons on the page (below my content).

    Also the reason I thought it may have been your code is that in the source, I can see an inline script in the header. It is this script which is causing the error. Also directly below the code is a reference to your CSS file e.g

    <script type="text/javascript">
    	document.documentElement.className = 'js';
    </script>
    
    <!-- This site is optimized with the Yoast WordPress SEO plugin v1.4.15 - http://yoast.com/wordpress/seo/ -->
    <meta name="robots" content="noodp,noydir"/>
    <!-- lots more META tags -->
    <!-- / Yoast WordPress SEO plugin. -->
    
    <script type="text/javascript">
    (function() {
    	var s = document.createElement('SCRIPT'), s1 = document.getElementsByTagName('SCRIPT')[0];
    	s.type = 'text/javascript';
    	s.async = true;
    	s.src = '<strong>http://widgets.digg.com/buttons.js</strong>';
    	s1.parentNode.insertBefore(s, s1);
    })();
    </script>
    <meta content="UkTipster v.3.5" name="generator"/><link rel='stylesheet' id='jetpack_likes-css'  href='http://www.mysite.com/wp-content/plugins/jetpack/modules/likes/style.css?ver=2.4.2' type='text/css' media='all' />

    However when I look in the source of the theme the PHP code is just this.

    <script type="text/javascript">
    	document.documentElement.className = 'js';
    </script>
    <?php if ( is_singular() ) wp_enqueue_script( 'comment-reply' ); ?>
    <?php wp_head(); ?>
    </head>

    As you can see there is no hardcoded JS between the code that does document.documentElement.className = 'js'; and the offending script, just PHP.

    Therefore it must be a plugin outputting the JavaScript and I guess the problem is being caused by the JS running too quickly BEFORE the actual DIGG buttons in the share button option has had time to load into the source.

    If I could find the offending plugin (if it's not yours :) ) then at least I could wrap it in a document.ready or move it to the bottom of the page. Even run a looped test for the element it is trying to apply the style on before loading etc.

    Are you sure that your own JavaScript that loads up all the other social media code doesn't include code for Digg?

    I cannot find any other widgets that could be to blame and there are no comments being outputted to help diagnose the offending code.

    Thanks for your help anyway!

  6. Richard Archambault
    Happiness Engineer
    Plugin Author

    Posted 9 months ago #

    Hi! Really good work once again. However, I can guarantee that we have no digg.com code in Jetpack. Again though, if I could have your site's URL, I could take a look at the source myself and see if I find a clue as to the source of that digg.com link.

  7. Strictly Software
    Member
    Posted 9 months ago #

    Hi Richard

    The website is http://www.ukhorseracingtipster.com

    You can see an example of the source I am talking about here

    UK Horse Racing Tipster News

    Notice the inline SCRIPT just after the YOAST SEO comments?

    I did have a combination of WP Super Cache and WP Minify working together which was beating the hell out of another site with W3 Total Cache behind Cloudflare. However for some reason WP Minify has stopped working and I cannot use W3 Total Cache (to minify the HTML/CSS/JS) as it caches too well!

    I auto post a lot of content by feed OR email and need to check the HTML source before posting to prevent duplicate content but I get cached pages back which prevent it from working - AAH!.

    It was working so well WP Minify & WP Super Cache, I've contacted the plugin author (WP Minify) but have not heard back from him.

    I have de-activated all plugins, re-actived, deleted, all combos, but no errors and no help. I really hated debugging other peoples plugins which is the whole reason I started making my own. I really don't want to have to make my own minify plugin!

    Anyway sorry to get off topic. I just felt a need for a Sunday morning rant :)

    Any help you can give would be much appreciate - I can code so if you need me to do anything let me know.

    Thanks

    Rob

  8. Richard Archambault
    Happiness Engineer
    Plugin Author

    Posted 9 months ago #

    Hi!

    I don't see the digg script anymore, nor do I see the yoast comments, so did you find the solution? was it's yoast's plugin that was inputting the Digg script?

    I noticed a couple of other issues with your site, meanwhile:

    1) your theme or one of your plugins seems to be loading an old version of jQuery instead of using the version that comes bundled with WordPress.

    It can create multiple conflicts with WordPress and with other plugins like Jetpack. You can read more about it here:
    http://wordpress.org/support/topic/troubleshooting-wordpress-35-master-list?replies=4#post-3547424

    If it's your theme that's loading that jQuery, you'll want to look for the function loading jQuery in your theme's header.php file, or in the functions.php file. Once you find that function, you can remove it and enqueue the proper version of jQuery as explained here:
    http://codex.wordpress.org/Function_Reference/wp_enqueue_script

    If it's a plugin, then try to find the plugin that's loading the old jQuery and then enqueue jquery properly in the plugin.

    2) you're using an older version of Jetpack , version 2.2. You may want to update to 2.5 as there are new features and bug fixes in the most recent version.

  9. Strictly Software
    Member
    Posted 9 months ago #

    I am not sure what you are looking at if you cannot see the comments or digg.js.

    View the source of this file (in Chrome) > http://www.ukhorseracingtipster.com/2013/09/frances-vorda-to-be-ridden-by-olivier-peslier-in-cheveley-park-raid/

    I get from lines 42 - 55 (not logged in as u user)

    <meta name="twitter:creator" content="@ukhorseracetips"/>
    <!-- / Yoast WordPress SEO plugin. -->
    
    <script type="text/javascript">
    (function() {
    	var s = document.createElement('SCRIPT'), s1 = document.getElementsByTagName('SCRIPT')[0];
    	s.type = 'text/javascript';
    	s.async = true;
    	s.src = 'http://widgets.digg.com/buttons.js';
    	s1.parentNode.insertBefore(s, s1);
    })();
    </script>
    <meta content="UkTipster v.3.5" name="generator"/><link rel='stylesheet' id='jetpack_likes-css'  href='http://www.ukhorseracingtipster.com/wp-content/plugins/jetpack/modules/likes/style.css?ver=2.4.2' type='tex t/css' media='all' />

    I've also updated to v2.5 of JetPack.

    As for the two jQuery loads I am not sure which plugin isloading the old version, it is certainly not hardcoded in the source of the header or footer.

    Can you tell me the difference between de-avtivsting a plugin and deleting it? Will any source code, options, timer etc remain in the system or will they all go when de-activated?

    At the moment my full list of "activated" plugins sre:

    Akismet
    Audio player
    Cookies for Comments
    Fuzzy SEO Queries
    Jetpack by WordPress.com
    Limit Login Attempts
    LinkWithin (client side, related posts, low load nice pictures of related srticles)
    Postie (a custom version I built to correct errors within it)
    Quick Page/Post Redirect Plugin
    s2Member® Framework
    Sidebar Login
    SimplePie Core
    Strictly Auto Tags (my own custom latest version as I wrote it)
    Strictly Google Sitemap (same as above)
    Strictly System Check (same as above)
    Strictly TweetBot (same as above)

    -- all my plugins dont make use of JS client side scrpts

    WordPress SEO
    WP-DBManager
    WP-o-Matic (a very custom version I made of it - no JS)
    WP Autoresponder
    WP Autoresponder to s2member Integration Plugin
    WP Minify
    WP Show IDs
    WP Super Cache
    WPtouch
    WP Widget Cache (just caches sidebars, tag clouds etc)

    Server is 2GB RAM Debian, running APC and MySQL ISAM. Tuned with 3+ MySQL tuners reguarly.

    I am on holiday from work for a week+ now. So I might not repy for a while.

    Thanks for any help.

  10. Strictly Software
    Member
    Posted 9 months ago #

    Don't suppose you have had a chance to look at this yet? I am back and WP Minify is still not working and I cannot find where this http://widgets.digg.com/buttons.js script is being loaded from.

    I am loathe to turn off ALL my plugins as some are needed to handle subscriptions and newsletters etc.

    However, and I don't want to upset you here. But I did de-activate Jetpack and as soon as I did that bit of script disappeared from my source code. E.g with Jetpack de-activated it is now.

    <meta name="twitter:creator" content="@ukhorseracetips"/>
    <!-- / Yoast WordPress SEO plugin. -->
    
    <!-- missing SCRIPT which appears when Jetpack is ON -->
    
    <meta content="UkTipster v.3.5" name="generator"/><link rel='stylesheet' id='admin-bar-css'  href='http://www.ukhorseracingtipster.com/wp-includes/css/admin-bar.min.css?ver=3.6.1' type='text/css' media='all' />
  11. Strictly Software
    Member
    Posted 9 months ago #

    Yep definitley Jetpack, I put it back on and now the script is back. It must be included when you drag options for sharing into the "share" box. It says "Services dragged here will be hidden behind a share button." so I reckon if you throw digg behind there it would add that code.

  12. Richard Archambault
    Happiness Engineer
    Plugin Author

    Posted 9 months ago #

    Hi,

    I humbly aplogize, I did not realize that inclduing the official Digg button in the sharing services also included that js file. You were right, I was wrong. I'm only human! :)

    I definitely see the error now too, if I include the official Digg button (but not with the other versions of the button, incuding Icon or Text or Icon and Text). Since it appears to be an issue with their code and not Jetpacks, I do not know if we can do anything about it on our end, but I have filed a Trac ticket for the issue here:

    http://plugins.trac.wordpress.org/ticket/1973

    Once again, I'm sorry for having missed it, and thanks for being persistent and sticking with it, and for all of your investigative work. I'll see what we can do to get this fixed!

  13. Strictly Software
    Member
    Posted 9 months ago #

    That's ok!

    Do I get to be a "happiness engineer" now? :)

  14. Richard Archambault
    Happiness Engineer
    Plugin Author

    Posted 9 months ago #

  15. Strictly Software
    Member
    Posted 9 months ago #

    Gutted, I know you work from home, around the world, but it seems like your side of the pond gets all the benefits.
    I don't know if I could work alone constantly and would probably miss an office environment.
    All good to think about though!

  16. Richard Archambault
    Happiness Engineer
    Plugin Author

    Posted 9 months ago #

    We do get together often for meetups. For example, that's the reason we were away last week, we were at the annual Automattic Grand Meetup in San Francisco. Google for "Automattic Grand Meetup" and you'll see ots of my colleague's tweets, posts, etc about it and how it works. :)

  17. Strictly Software
    Member
    Posted 9 months ago #

    Sounds good, but I don't know if being locked away with just breaks out would be good for me. I like the office. Would be better if it was my own office obviously but nice to have options anyway.

  18. chavis2001
    Member
    Posted 5 months ago #

    Hello to all"
    I m having a similar problem but i don't have any idea what to do :(
    i have this message in google chrome in my site http://www.designisabel.com

    Uncaught SecurityError: Blocked a frame with origin "http://www.designisabel.com" from accessing a frame with origin "chrome-extension://pioclpoplcdbaefihamjohnefbikjilc". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "chrome-extension". Protocols must match.
    addGrammarly min.js:101
    i min.js:101
    r min.js:17

    it keeps repeating till more than 170 errors!
    please i need some help

  19. Jeremy Herve
    Happiness Engineer
    Plugin Author

    Posted 5 months ago #

    @chavis2001 Could you please start your own thread, as per the Forum Welcome?
    http://wordpress.org/support/plugin/jetpack#postform

    Thank you!

Reply

You must log in to post.

About this Plugin

About this Topic