Storybook: Uncaught DOMException: Blocked a frame with origin "http://localhost:9009" from accessing a cross-origin frame.

This is still not resolved; should we re-open this or open a new issue?

Clicked actions like in the documentation are working in Chrome but not in firefox.
Currently seeing this DOMException in FireFox
SecurityError: Permission denied to access property "toJSON" on cross-origin object

<Button  onClick={action("clicked")}  disabled={boolean('disabled', false)}>
  {text("Children (text)", "Hello World")}
</Button>

Click the button above logs the event details in chrome but not in FireFox.

I opened a fix PR in telejson!

Crikey!! I just released https://github.com/storybookjs/storybook/releases/tag/v5.3.0-beta.8 containing PR #8940 that references this issue. Upgrade today to try it out!

You can find this prerelease on the @next NPM tag.

Closing this issue. Please re-open if you think there's still more to do.

v5.3.0-beta.8 still has the Firefox bug for me. Version v5.3.9 also has the bug.
Version v6.0.0-alpha.1 also has the bug.

@zeorin could you check to see if the telejson dependency is actually updated in node_modules after installing?

@ndelangen it is for me:

npm ls telejson
[email protected] /Users/dick/Workspace/planner
└─┬ @storybook/[email protected]
  ├─┬ @storybook/[email protected]
  │ └─┬ @storybook/[email protected]
  │   └── [email protected] 
  └─┬ @storybook/[email protected]
    ├─┬ @storybook/[email protected]
    │ └── [email protected]  deduped
    └─┬ @storybook/[email protected]
      └── [email protected]  deduped

Thank you for checking.

Will put this back on my todo list

Could you please upgrade to the latest version and tell me if this is still a problem, and if it is give me a reproduction repo? 👏

@ndelangen this looks related to my issue #8768 which already includes steps to reproduce.

I some the same issue happening for me, on my server (locally it was fine), but I didn't need to update the storybook to fix it.

It was just a matter of setting the appropriate Content Security Policy header, changing X-Frame-Options: "DENY" to X-Frame-Options: "SAMEORIGIN".

@StJohn3D I think all of the core addons have stopped doing this in 6.0.0 beta

Im seeing this issue with the SB6 rc

I'm seeing this issue as well.

One important note of context for me: I'm trying to access the storybook production build directly by opening the index.html file. ^5.3.19 is the last version I tested where I was very easily able to do this. Any versions thereafter I've sort of had issues and get this cross-origin issue. If I run a server and load storybook, it works. Ideally storybook works "statically" without a server as well, but in any case this is how I'm triggering this issue. I don't know if this is the same ticket or another ticket but I'm happy to create an additional issue if it is.

I am also seeing this issue right now with 6.0.2

@michaelbayday could you supply a reproduction repo perhaps?

Let me see if I can get a boiler plate going or what I have in my repo

Edit

This issue doesn't occur always, soooo strange so please be sure to check it several times.

I have the same problem locally.
I created a codesandbox that demonstrates this problem:

CodeSandbox
https://codesandbox.io/s/mystifying-mendeleev-zoxtz?file=/src/stories/button.story.tsx

Fullscreen
https://zoxtz.sse.codesandbox.io/?path=/story/button--button-story

Reported error after clicking on button

Uncaught DOMException: Blocked a frame with origin "https://zoxtz.sse.codesandbox.io" from accessing a cross-origin frame.
    at JSON.stringify (<anonymous>)
    at stringify (https://zoxtz.sse.codesandbox.io/vendors~main.b4ad10535b4fddcf135c.bundle.js:69661:15)
    at PostmsgTransport.send (https://zoxtz.sse.codesandbox.io/vendors~main.b4ad10535b4fddcf135c.bundle.js:2172:42)
    at handler (https://zoxtz.sse.codesandbox.io/vendors~main.b4ad10535b4fddcf135c.bundle.js:2505:28)
    at Channel.emit (https://zoxtz.sse.codesandbox.io/vendors~main.b4ad10535b4fddcf135c.bundle.js:2515:9)
    at actionHandler (https://zoxtz.sse.codesandbox.io/vendors~main.b4ad10535b4fddcf135c.bundle.js:512:13)
    at HTMLUnknownElement.callCallback (https://zoxtz.sse.codesandbox.io/vendors~main.b4ad10535b4fddcf135c.bundle.js:36255:14)
    at Object.invokeGuardedCallbackDev (https://zoxtz.sse.codesandbox.io/vendors~main.b4ad10535b4fddcf135c.bundle.js:36304:16)
    at invokeGuardedCallback (https://zoxtz.sse.codesandbox.io/vendors~main.b4ad10535b4fddcf135c.bundle.js:36359:31)
    at invokeGuardedCallbackAndCatchFirstError (https://zoxtz.sse.codesandbox.io/vendors~main.b4ad10535b4fddcf135c.bundle.js:36373:25)

confirmed.. It seems the stringification of the event fails

Same problem here in 6.0.21

I'm getting this when attempting to build my local by running yarn build-storybook and then opening the index.html within the storybook-static repo... Just upgraded to 6.0.21

Is this issue related to sb core or a specific add on?

are others using JSON.stringify in their stories?

On Sep 9, 2020, at 10:53 PM, Sami Resua notifications@github.com wrote:


Is this issue related to sb core or a specific add on?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.

are others using JSON.stringify in their stories?
…
On Sep 9, 2020, at 10:53 PM, Sami Resua @.*> wrote:  Is this issue related to sb core or a specific add on? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

Not me.

I'm seeing this in 6.0.26. In my case, once I delete my one .mdx story, it builds and works fine. When I have a mix of js and mdx stories is when I see this error. I should also note that running yarn storybook works fine, its just when building the docs I see this error.

Hi everyone. Is this an issue in [email protected]? I am getting cors errors fetching stories.json.
I am serving storybook instances locally (npx serve) and I cannot get my main Storybook to fetch stories from other instances running.

Does npx serve serve with CORS headers enabled?

Can you try npx http-server? we've had problems with serve

I'm trying to reproduce this error again with the repro on codesandbox by @hinok

But I'm able to use that link now, where before I was indeed seeing the problem, it seems to work now:

@ndelangen I checked it and it still throws the error 😞

I'm seeing this with the Storybook Design System when trying to access index.html after running yarn run build-storybook. The non-static version (yarn storybook start) runs fine.

The project is running storybook 6.1.0-rc.3.

@itsderek23 I don't think it works with file URLs. you need to run a web server like npx http-server. works fine when served: https://storybook-design-system.netlify.app/

Head slap! Yes - that is it. For clarity, this works just fine:

 npx http-server storybook-static/

@shilman is that known? I ask because that was not always the case before v6, you could easily build an instance, compress it and share it with others. I feel like it's possible that a lot of people in this thread are running into this because it's not being run on a local server for whatever reason.

@reywright This issue is still open, isn't it? 😉 I think we were looking for a repro and the repro is to open built storybook from a file URL @ndelangen

I am also seeing this when trying to use Storybook Composition. It works fine within the original storybook, but I get the same error (Uncaught DOMException: Blocked a frame with origin from accessing a cross-origin frame.) at the same line whenever trying to load a story from the lower level "composed" storybook in the higher level "composing" storybook. Both storybook instances on 6.1.5, using basically stock webpack configs. If you'd like to verify/reproduce, here is a link to our Chromatic permalink. Anyone should be able to add this as a composed story and see the issue.

Anyone have ideas for a solution or workaround?

I'm also having this issue. Our current workaround which worked is to disable the actions addon.