Trackingcode in iframe target of an external site

dywtglt · April 24, 2012, 12:29pm

Hello,

I have a website (example2.com) where I have a webpage with a piwik tracking code. I want to include this site via iframe on another site (example.com).

In several browser I get the below error. Well, I know why (assuming XSS prevention), but I don’t know how to fix it. I want to track the iframe target site.

Error occurs at least in Chrome 17.

Can somebody please help? I know that I can’t get tracking information from the parent of the iframe and I don’t need to. I only want to track the iframe webpage itself.


Unsafe JavaScript attempt to access frame with URL http://www.example.com/ from frame with URL http://www.example2.com. Domains, protocols and ports must match.

piwik.js:14
piwik.js:17
piwik.js:28
piwik.js:28

s
u
Piwik
(anonymous function)

dywtglt · April 30, 2012, 8:13am

Hello, I examined the code but still can’t find any solution for this problem. Is there anybody that can help please?

matthieu · April 30, 2012, 8:27am

To track the iframe you would have to put the JS code inside the iframe.

dywtglt · May 24, 2012, 3:33pm

Hi Matt,

thanks again. Of course the tracking-code (JS) is inside the iframe page. In the above example there is one tracking-code in www.example.com (regular site) and one tracking-code in www.example2.com (iframe-site). Both sites actually get tracked correctly (in their own piwik installations). The problem is not the tracking itself.

The only problem is the above warning that shows up in Chrome. In Firefox and other browser it’s okay.

Somehow Piwik JS Lib (piwik.js) wants to access information on the parent element of the iframe (which is not allowed).

Edit: I believe it’s windowAlias.parent.document.* what causes the security warning in Chrome. Well, as I said tracking works okay - but I don’t know if in future maybe js-scripts causing this “security violation” will be stopped from executing.


/*
634	                 * Get page referrer
635	                 */
636	                function getReferrer() {
637	                        var referrer = '';
638	
639	                        try {
640	                                referrer = windowAlias.top.document.referrer;
641	                        } catch (e) {
642	                                if (windowAlias.parent) {
643	                                        try {
644	                                                referrer = windowAlias.parent.document.referrer;
645	                                        } catch (e2) {
646	                                                referrer = '';
647	                                        }
648	                                }
649	                        }
650	                        if (referrer === '') {
651	                                referrer = documentAlias.referrer;
652	                        }
653	
654	                        return referrer;
655	                }

matthieu · May 24, 2012, 7:11pm

Thanks for the report. can you pelase create a ticket in dev.piwik.org and we will investigate!

dywtglt · June 11, 2012, 10:21am

Please see Tracking code in iframe target of an external site triggers warning in Chrome · Issue #3215 · matomo-org/matomo · GitHub