Cross-origin iframe doesn't have accessible "parent" and "top" properties in "window.parent"

[yss50829]

NWJS Version : sdk-0.25.0 (same in sdk-0.22.3)
Operating System : Win7, x64

Expected behavior

window.parent.parent and window.parent.top should return a Window and shouldn't throw error in cross-origin iframe. It's behavior of Google Chrome.

Actual behavior

VM346:1 Uncaught DOMException: Blocked a frame with origin "..." from accessing a cross-origin frame.
    at <anonymous>:1:15

How to reproduce

1. Launch nw.exe
2. Open DevTools
3. Run in console

var iframe = document.createElement('iframe');
iframe.src = 'https://example.com/';
document.body.appendChild(iframe);

4. Switch frame selector for console from "top" to "example.com"
5. Run in console window.parent.parent (in "example.com" iframe)

Real issue

Google IMA is not working in NW.js because of exception in part of code

for (var f = 0; e != e.parent; )
            f++,
            e = e.parent;

where variable "e" is equal to "window".
You can check it on page: https://developers.google.com/interactive-media-ads/docs/sdks/html5/vastinspector
You will see cross-origin exceptions in console.
Note please, that in version 0.25.0 page with Google IMA library becomes unresponsive on load, so you should use earlier versions for reproducing exactly this issue.

[fastCargo]

you can try adding this to package.json to avoid the cors error:

"chromium-args": "--disable-web-security",

[yss50829]

I have used it already as a temporary solution, but it adds a serious vulnerability to app. So this issue is important to be fixed.

[Christywl]

I can reproduce this issue on Linux/Windows with nwjs-sdk-v0.25.0.

[rogerwang]

This shares the same root cause and fixed in #6099 . Please reopen if it's not.