Uncaught DOMException: Blocked a frame with origin "http://localhost:9009" from accessing a cross-origin frame.

[kon-rad]

Describe the bug
After updated storybook 3 to 5 the 'actions addon' throws CORS error when an action is performed. Figured out that setting the 'depth' option to 2 or less is a work around and no error appears. Posting bug report hoping any better solution may be found.

To Reproduce
Steps to reproduce the behavior:

1. Initiate any action on storybook 5. CORS error appears in console.

Expected behavior
Actions should be performed.

Screenshots
N/A

Code snippets
I traced the bug to the following line:

      var data = (0, _telejson.stringify)({
        key: KEY,
        event: event
      }, {
        maxDepth: depth
      }); // TODO: investigate http://blog.teamtreehouse.com/cross-domain-messaging-with-postmessage
      // might replace '*' with document.location ?

      iframeWindow.postMessage(data, '*');
      return Promise.resolve(null);

This configuration fixes the issue. But it would be great to have this resolved and allow for display of action with greater depth of the object.

configureActions({
  depth: 2 // anything higher than 2 causes CORS error in iframe postMessage method
});

System:

• OS: MacOS
• Device: Macbook Pro 2018
• Browser: chrome
• Framework: react
• Addons: actions
• Version: 5.1.9

Additional context
This happened after upgrading from 3 to 5. Default webpack config is used. Babel was also upgraded to 7.

[dancrumb]

This is still not resolved; should we re-open this or open a new issue?

[StJohn3D]

Clicked actions like in the documentation are working in Chrome but not in firefox.
Currently seeing this DOMException in FireFox
SecurityError: Permission denied to access property "toJSON" on cross-origin object

<Button  onClick={action("clicked")}  disabled={boolean('disabled', false)}>
  {text("Children (text)", "Hello World")}
</Button>

Click the button above logs the event details in chrome but not in FireFox.

[ndelangen]

I opened a fix PR in telejson!

[shilman]

Crikey!! I just released https://github.com/storybookjs/storybook/releases/tag/v5.3.0-beta.8 containing PR #8940 that references this issue. Upgrade today to try it out!

You can find this prerelease on the @next NPM tag.

Closing this issue. Please re-open if you think there's still more to do.

[zeorin]

v5.3.0-beta.8 still has the Firefox bug for me. Version v5.3.9 also has the bug.
Version v6.0.0-alpha.1 also has the bug.

[ndelangen]

@zeorin could you check to see if the telejson dependency is actually updated in node_modules after installing?

[sgtdck]

@ndelangen it is for me:

npm ls telejson
[email protected] /Users/dick/Workspace/planner
└─┬ @storybook/[email protected]
  ├─┬ @storybook/[email protected]
  │ └─┬ @storybook/[email protected]
  │   └── [email protected] 
  └─┬ @storybook/[email protected]
    ├─┬ @storybook/[email protected]
    │ └── [email protected]  deduped
    └─┬ @storybook/[email protected]
      └── [email protected]  deduped

[ndelangen]

Thank you for checking.

Will put this back on my todo list

[itsderek23]

Head slap! Yes - that is it. For clarity, this works just fine:

 npx http-server storybook-static/

[silouanwright]

@shilman is that known? I ask because that was not always the case before v6, you could easily build an instance, compress it and share it with others. I feel like it's possible that a lot of people in this thread are running into this because it's not being run on a local server for whatever reason.

[shilman]

@reywright This issue is still open, isn't it? 😉 I think we were looking for a repro and the repro is to open built storybook from a file URL @ndelangen

[anicholls]

I am also seeing this when trying to use Storybook Composition. It works fine within the original storybook, but I get the same error (Uncaught DOMException: Blocked a frame with origin from accessing a cross-origin frame.) at the same line whenever trying to load a story from the lower level "composed" storybook in the higher level "composing" storybook. Both storybook instances on 6.1.5, using basically stock webpack configs. If you'd like to verify/reproduce, here is a link to our Chromatic permalink. Anyone should be able to add this as a composed story and see the issue.

Anyone have ideas for a solution or workaround?

---

EDIT: After further research I've tracked it down to a few specific stories. This error appears when storybook tries to serialize a window object from the "composed" storybook. Now why that is happening in my use case is another story. There seems to be a bug in the docs addon (docgen). For a select few of our stories using components that use Popper.js, the docgen is interpreting a default value as the window object for Popper's placement prop (even though it is typed and assigned as 'top', not window). Still trying to track down why that is happening. Disabling the docs addon resolves the issue.

[webholics]

I'm also having this issue. Our current workaround which worked is to disable the actions addon.

[Blizard]

As @anicholls mentioned edit. Same for me. I fixed this issue when i disabled docs addon all stories.

[anicholls]

Another update: I think I've tracked down the problem with the Docs addon and I've opened a separate issue for it here: #13608.

Unfortunately the args (and their defaults) are extracted for all stories regardless of which ones have docs disabled so the only option to get composition to work is to disable the docs addon entirely.

[garyhlai]

I solved this by opening storybook in an incognito window. It's possible that Chrome plugins are messing with the browser.

[ndelangen]

I think we can close this issue now, #13608 was the fix.

[abbudao]

I believe I'm having this same issue on 6.2.0-rc.10. The problem is unique to Firefox (tested on 87, incognito off and on), as all examples worked just fine on Chromium 89.

Repro:

1. Create a fresh project with Create React App and Storybook CLI :

npx create-react-app bug-repro --template typescript && cd bug-repro && npx sb init && sed -i 's/"^6.1.*"/"6.2.0-rc.10"/' package.json && sed -i 's/"typescript": ".*"/"typescript": "4.1.2"/' package.json &&  yarn && yarn run storybook

2. Open Firefox and click on Header > Logged In component
3. Click on the Log out button

Let me know if I can be of any help 😉

[nickofthyme]

I am still seeing this issue having a similar case to @itsderek23.

I recently upgrade storybook from ^5.3.19 to ^6.3.4 with no major changes to our component src code.

What works?

• Running storybook via storybook-start ✅
• Building storybook via storybook-build and hosting the build via npx http-server <output> ✅

What does NOT work (i.e. storybook page not rendered)?

• Opening the output index.html in Chrome directly from file path, also not working in incognito. This worked in 5.3.19 ❌
• Building and deploying storybook to gh-pages. This worked in 5.3.19 ❌

Both cases above throw the following errors in the console.

vendors~main.a4359a8c7927629868c8.manager.bundle.js:2 DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame.
    at file:///Users/elon/storybook-output/main.241a4736bb305c4597a6.manager.bundle.js:1:13628
    at Ii (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1615635)
    at Vj (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1634368)
    at exports.unstable_runWithPriority (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1652922)
    at cg (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1577591)
    at Dj (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1634130)
    at yj (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1625989)
    at file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1577882
    at exports.unstable_runWithPriority (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1652922)
    at cg (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1577591)
Ci @ vendors~main.a4359a8c7927629868c8.manager.bundle.js:2
vendors~main.a4359a8c7927629868c8.manager.bundle.js:2 Uncaught DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame.
    at file:///Users/elon/storybook-output/main.241a4736bb305c4597a6.manager.bundle.js:1:13628
    at Ii (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1615635)
    at Vj (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1634368)
    at exports.unstable_runWithPriority (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1652922)
    at cg (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1577591)
    at Dj (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1634130)
    at yj (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1625989)
    at file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1577882
    at exports.unstable_runWithPriority (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1652922)
    at cg (file:///Users/elon/storybook-output/vendors~main.a4359a8c7927629868c8.manager.bundle.js:2:1577591)
vendors~main.a4359a8c7927629868c8.manager.bundle.js:2  manager  received storybookjs/knobs/set-options but was unable to determine the source of the event
error @ vendors~main.a4359a8c7927629868c8.manager.bundle.js:2
vendors~main.a4359a8c7927629868c8.manager.bundle.js:2  manager  received storyRendered

I also have the docs addon disabled so I'm not sure how #7215 (comment) is the fix to this issue.

Am I missing something here?

[markov00]

I'd also like to link a similar case here with GitHub Pages storybook-eol/storybook-deployer#97

[nickofthyme]

After removing storybook-addon-themes accessing via output/index.html works fine.

[b0o]

I was having this issue and it turned out one of my Firefox extensions (Surfingkeys) was triggering it to happen. The question is why does this happen?

[nickofthyme]

In the case of storybook-addon-themes, they are attempting to access the story preview iframe via it's id ('storybook-preview-iframe'). They do this to pass styles to be set on elements within the iframe but a better way is to use globals to pass the context down. Doing this causes no issues when run on a local http server but DOES throw the above error when accessing the statically built site.

I'm not sure if this is the same cause for Surfingkeys.