2
In order to understand my situation, I am trying to incorporate a document (page) in another document through the element <iframe>. This document I’m trying to embed contains a form that has a text input element with the attribute autofocus defined, but when trying to make the following error appears in the console:
Blocked autofocusing on a form control in a cross-origin subframe.
Translation:
Auto focus locked on a form control in a cross-origin subframe.
I have tried to solve this problem using the attribute crossorigin with the values anonymous and use-credentials, but unsuccessfully. The error continues to persist and does not focus on the text input element, I also tried to use the attribute sandbox and allow, but without success.
My doubts are:
- Why is this happening?
- How to correct?
By security measure, the browser blocks the auto focus on the iframe. There is no way to ignore this lock without tampering with advanced settings (flags) security.
– Valdeir Psr
This is to prevent clickjacking and such trickery. It is a matter of security anyway. Maybe with js you can make one . Focus() in iframe, but only testing to see if it is allowed... https://cornerpirate.com/2017/07/06/understanding-clickjacking/ some things goes up to "practice"
– hugocsl
It has nothing to fix, it is not a bug, the site within iframe does not belong to the same domain or port as the site that is embedding iframe, trying to access something like this, assuming it was possible, would be a security breach, since it could improperly manipulate other third-party websites, blocking is precisely to protect third-party websites.
– Guilherme Nascimento
Thanks guys for the support, really makes more sense now since if there was this "lock" enters several possibilities to steal user data.
– felipe cardozo