Javascript errors from Google Adsense
Solution 1
Google have messed up their script. There's not much you can do about it.
For some reason http://pagead2.googlesyndication.net/pagead/expansion_embed.js
, included in the parent page by the AdSense scripts, is trying to send information about the advert into a newly-written <iframe>
created to hold the advert, using the new HTML5 postMessage facility:
ha(this, function (f, e) {
d[Pa](this.a[A]+"|"+f+":"+e, this.la)
});
Yeah. Some nice minified/obfuscated code there. Trust me, Pa
is 'postMessage'
!
The targetOrigin
argument in this call, this.la
is set to http://googleads.g.doubleclick.net
. However, the new iframe was written with its src
set to about:blank
. This doesn't match the target origin, so the browser must refuse to send the message. Only Chrome seems to be dropping an actual whinge to the console log about it though.
No idea why it's doing this at all, never mind why it's not just using '*'
as a target origin... I'm not really feeling like wading into the obfuscated script to find out. However, this error should not cause page loading to slow down. If you're seeing pauses it's usually resolving and fetching other external scripts.
Solution 2
Google's trying to exploit a browser quirk whereby some browsers ignore the same-origin policy for windows with about:blank as the URL, allowing that window to submit XMLHttpRequest or, in this case, postMessage requests to any site.
As far as I know, browsers have recently been disabling this behaviour. You must have one such patched browser.
Hopefully, this broken functionality doesn't affect your ability to earn money from the ads.
It's annoying for your site to generate Javascript errors through no fault of your own, but it is a possibility you must accept when you run someone else's Javascript on your page.
Solution 3
It's normal because your browser prevents CSRF attacks from other websites.
To allow googleads...
to access your website and solve this problem, create a file named crossdomain.xml
in your webroot and fill it with the following content:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="googleads.g.doubleclick.net" />
</cross-domain-policy>
To test it, go to your domain http://your-domain.com/crossdomain.xml and make sure there are no errors for that page. You also allowed to use wildcards, etc (look at reference). When you're done, refresh your page. Hope that helps.
Live example: http://www.blanjamudah.com/crossdomain.xml
Reference: http://en.wikipedia.org/wiki/Cross-site_request_forgery http://curtismorley.com/2007/09/01/flash-flex-tutorial-how-to-create-a-crossdomainxml-file/
Solution 4
A crossdomain.xml file in the site root allowing access to googleads.g.doubleclick.net should fix it.
See this page, http://www.warriorforum.com/adsense-ppc-seo-discussion-forum/458906-adsense-blank-space-problem.html
Solution 5
For those who land on this page after searching for the domain and protocol error code:
AdSense has released a new async version of their javascript that addressed the cross-domain errors being generated when we used their older embed code. When we used their standard embed code on our AJAX-heavy site, we got the cross-domain error. When we implemented their async code, and in combination with a properly defined crossdomain.xml the cross-domain error went away.
Related videos on Youtube
Arjun
Updated on July 05, 2022Comments
-
Arjun almost 2 years
On several of my adsense running sites, I have been getting the following errors:
Unable to post message to [http://]googleads.g.doubleclick.net. Recipient has origin http://www.anekdotz.com.
Unsafe JavaScript attempt to access frame with URL [http://]www.anekdotz.com/ from frame with URL [http://]googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9099580055602120&output=html&h=250&slotname=9210181593&w=300&flash=10.0.42&url=http%3A%2F%2Fwww.anekdotz.com%2F&dt=1269901036429&correlator=1269901036438&frm=0&ga_vid=711000587.1269901037&ga_sid=1269901037&ga_hid=654061172&ga_fc=0&u_tz=-240&u_his=2&u_java=1&u_h=900&u_w=1440&u_ah=878&u_aw=1436&u_cd=24&u_nplug=10&u_nmime=101&biw=1365&bih=806&eid=44901212&fu=0&ifi=1&dtd=153&xpc=Xkfk1oufPQ&p=http%3A//www.anekdotz.com. Domains, protocols and ports must match.
(from the Chrome javascript console)
The ads seem to show properly and it doesn't affect my native javascript code. However sometimes these errors seem to slow down page loading. How can I fix this problem?
(I modified the URLs to let me post this as I'm a new user)
-
Pekka about 14 yearsIs anekdotz.com your web site?
-
UpTheCreek over 13 yearsSame problem here. This post is from almost a year ago! If its a google problem, how is it that it's not fixed!? It's also killing other js on the site. According to this it seems to be related to leaderboard ads only.. google.com/support/forum/p/AdSense/…
-
Incognito over 13 yearsSubmit the issue to google adsense....
-
UpTheCreek over 13 years@user257493 - there are many examples of people with the same problem on the adsense groups/support pages, and I haven't seen anyone with a fix. Will submit the issue in the end, but I know it takes an age.
-
Jacob Lowe over 13 yearssame with google maps iframes, yeah google can break rules. hope it doesnt ruin the seo ranking ;-)
-
basZero over 12 yearsHas this been solved? I get the same error
Unable to post message to http://googleads.g.doubleclick.net. Recipient has origin http://www.mydomain....
and I can't fix it! I tested with the latest Chrome, FF 7, IE8 and 9, as well as the latest Safari. -
basZero over 12 yearsIs there any solution to this? The marked answer does not seem to be a solution for me...
-
-
Arjun about 14 yearsHey there, thanks for the heads up. Yeah I'm not sure whether it's actually slowing the page down, but it brings up the browsers "loading page" notification at the bottom while the page appears loaded. This is annoying and might also bother some users who think they should wait until their browser shuts up. I hope they do something about this soon.
-
Eli Grey over 13 years"allowing that window to submit ... postMessage requests to any site" How is that an exploit?
postMessage
may be called on any view without having to account for same origin restrictions. -
Jeff Walden over 13 yearsIt may be called that way, sure. But whether the message itself is sent depends on whether the target window, at the time the message is received, has the origin described by the second argument to
postMessage
. It seems that's not the case here. (As for why it could be an exploit, quoting from MDC: "If postMessage were used to transmit a password, it would be absolutely critical that this argument be a URI whose origin is the same as the intended receiver of the message containing the password, to prevent interception of the password by a malicious third party.") -
Mescalito almost 13 yearsI am also having this error, not particularly any slowness but I am realizing that it's making other JS to stop working, like fb social apps integration. I wonder how is it that this hasn't been fixed already.
-
fmalina over 8 yearsThis didn't work for me, it might be relevant for Flash Player.
-
Andres SK about 7 yearsMay I add: this only happens to me on a specific Chrome session where I have an ad blocker installed. I disabled the plugin for particular URLs, still the origin error message is triggered. If open the same site in incognito window, the problem disapears.
-
Server Overflow over 6 yearsIs this answer still valid in 2018?
-
Niresh over 2 yearsStrange behavior