The code you provided remains functional in k6 v0.46. The bypassCSP setting belongs to the browserContext options, as outlined in the browserContext documentation, rather than being a browser module option. You can continue configuring it as you have before without necessitating the use of environment variables.
Kindly produce a test script that reproduces the issue, letting us offer assistance.
The “Blocked a frame with origin from accessing a cross-origin frame” error is triggered by the Same-Origin Policy in web browsers, which prevents scripts in one frame from directly accessing content in a frame from a different origin due to security concerns. To address this issue, you should employ cross-origin communication techniques such as postMessage() for controlled messaging between frames, configure Cross-Origin Resource Sharing (CORS) headers when controlling both source and destination servers, or use JSONP for data retrieval. Verify proper URL configuration, consider server-side solutions, and adhere to browser extension policies. These measures ensure secure and legitimate interactions between frames without violating the security constraints imposed by the Same-Origin Policy.
Here’s an example to reproduce the problem:
I’ve setup a tmp instance of a Braintree credit card form here: https://k6csp.guruslabs.com/btree/
Here’s the sample k6 browser test I created
I tried executing this with:
K6_BROWSER_HEADLESS=false k6 run k6b-iframe.js
In desperation I also tried it with: K6_BROWSER_HEADLESS=false K6_BROWSER_ARGS='disable-web-security,user-data-dir=datadir' k6 run k6b-iframe-sample.js
In all scenarios I get the following error:
ERRO[0005] Uncaught (in promise) GoError: evaluating JS: DOMException: Blocked a frame with origin "https://k6csp.guruslabs.com" from accessing a cross-origin frame.
at __xk6_browser_evaluation_script__:3:89
at github.com/grafana/xk6-browser/api.Page.Evaluate-fm (native)
at file:///<<snip>>/k6b-iframe-sample.js:42:24(39) executor=shared-iterations scenario=browser
Re: CORS settings - those aren’t relevant here I think? Any CORS issues would pertain to Braintrees server settings, and the form in my demo is coming directly from Braintree and I can see their scripts/assets all load with the correct CORS headers in their responses:
e.g.
It seems like a local problem because it works on my localhost. Could you try running it from another machine/network to diagnose the problem? Another reason could be the element from the selector might not be appearing at the exact time.
Hi @inancgumus your answer here worked for me almost verbatim, as I have a similar CC processing service to test. I am using title= instead of name. My challenge is: there are multiple iframes, the CC number is in the first iframe and the CSC/CVV is in the second. Their titles are duplicated which I understand is suboptimal to do. The script will locate and type the CC number value in the first iframe but has cannot complete the location of the CSC/CVV; there is an error panic: GoError: dispose: canceled and the script stops. Are there alternate ways to refer to the iframe? I tried a counting approach but so far have not figured it out.
Update: this approach is working to target the correct iframe
The script goes into both separate iframes and manipulates the fields for each. These complete all the requirements for the form that creates an order which activates the place order button outside of the iframes (back on the primary document). The place order button gets clicked but during the waitForNavigation (immediately) the browser closes and script stops with the panic: GoError: dispose: canceled error; the stack trace is very close to identical to issue 1089. I am using k6.exe v0.49.0.
This looks like a csp issue is it? If so, update frame-ancestors or frame-src to allow the iframe’s origin, e.g, Content-Security-Policy: frame-ancestors 'self' https://trusted-origin.com;. When done, get to the use of pi for you maths.
