SecurityError: Blocked a frame with origin "<origin-url>" from accessing a cross-origin frame

Hello wonderful people from the Sentry forums!

We seem to have started getting a bunch of these errors after upgrading the Sentry version (in our case it was from 5.6.2 to 5.7.1). Usually, these types of errors contain more info, such as where the mismatch was found (protocol/hostname/port), but the error we see in Sentry is very generic and does not provide any extra info.

In our case, it is just “SecurityError: Blocked a frame with origin “our domain” from accessing a cross-origin frame.”.
One more thing we noticed is that it usually always happens several minutes after our code has been shown and ran successfully, which leads us to think that it is coming from somewhere else (mostly because we do not perform any actions after the initial loading).

In the meantime, we upgraded Sentry to v5.8.0 and the errors still show up in Sentry. Before we proceed to filter out this error ourselves, we were wondering if someone might have noticed it themselves and maybe expand a bit on whether it is something that we should act on, or is it completely fine if we filter it out.

I was not able to reproduce this error in any way, so I can not provide a fiddle. It happens only in Chrome though, according to the Sentry dashboard.


Not sure if this is exactly what you’re running into, but we’ve been seeing this for a while. Our current best guess is that it has something to do with how the form input autofill works in some versions of Chrome (for us, this mainly happens on iphone Chrome - which is mysterious, but that’s what sentry says). This could explain why you see the error well after the page is loaded … it doesn’t trigger until the autofill initiates in some way.

Here’s a link with what I think is the same issue in an older version of Chrome (the error message is slightly different - the old message includes origin AND destination domain, the new message only includes origin)