Blog of Raivo Laanemets

Stories about web development, freelancing and personal computers.

PhantomJS unsafe frame access mess

I use CasperJS+PhantomJS in multiple projects to test web functionality. PhantomJS is a headless web browser and CasperJS is a test runner for it. With PhantomJS 1.9.8 I started seeing the following messages in the terminal:

Unsafe JavaScript attempt to access frame
with URL about:blank from frame with URL
Domains, protocols and ports must match.

This error/warning comes from PhantomJS and has already been reported. It breaks multiple tools that use STDIO communication with PhantomJS. It does not break CasperJS or the tests for my projects, but unneeded warning messages are still annoying. I discovered a number of tangentially related issues around PhantomJS and CasperJS while looking for potential solutions.

Really high stack

PhantomJS is amazing but depends on the following complex technologies:

  • Qt and QtWebKit - these provide the actual headless browser.
  • Compilers - Qt and QtWebKit are written in C++ and are very large libraries. Different platforms (Linux, Windows, OS X) use different compilers with all of them requiring complicated setup for producing static binaries. This is part of the problem.
  • npm and Node.js - this is one very convenient way to install PhantomJS.

Linux distros can't do binary apps

The unsafe access issue is fixed in PhantomJS 2.0.0 but there is no build of it for Linux. As a result, the npm-based installer supports the 1.9.x series only. The main reason for no Linux builds is here (warning: very long reading). While the static binary seems to be buildable, the official one seems to be delayed until the upgrade to Qt 5.5, and there is no timeframe given.

CasperJS: no PhantomJS 2.x support

However, official CasperJS cannot be used with PhantomJS 2.x anyway. You would get an error:

casperjs test tests/*
CasperJS needs PhantomJS v1.x

  /usr/local/lib/node_modules/casperjs/bin/bootstrap.js:91 in __die
make: *** [test] Error 1

This requires a custom fork of CasperJS. The last version (1.1.0-beta3) of CasperJS was published more than 2 years ago. CasperJS support for 2.x is also said to be waiting on 2.x Linux binaries. The much bigger issue might be that CasperJS is just abandoned, even if PhantomJS 2.x Linux binaries shipped.

Cannot downgrade on Node.js 4.x

One way to get rid of the error/warning message is to downgrade PhantomJS to 1.9.7. This sounds easy and might work for you unless you need 2.x features. There is a gotcha: you cannot downgrade on a system where npm is run with Node.js 4.x. The attempt (npm package phantomjs@1.9.9 installs phantomjs 1.9.7) produces this:

npm install phantomjs@1.9.9 -g

/usr/local/bin/phantomjs -> /usr/local/lib/node_modules/phantomjs/bin/phantomjs
> phantomjs@1.9.9 install /usr/local/lib/node_modules/phantomjs

> node install.js

Looks like an `npm install -g`; unable to check for already installed version.
Saving to /usr/local/lib/node_modules/phantomjs/phantomjs/phantomjs-1.9.7-linux-x86_64.tar.bz2
  [======================================--] 96% 0.0s
Received 12852K total.
Extracting tar contents (via spawned process)

Copying extracted folder /usr/local/lib/node_modules/phantomjs/phantomjs/phantomjs-1.9.7-linux-x86_64.tar.bz2-extract-1447027843034/phantomjs-1.9.7-linux-x86_64 ->

The command just hangs in the copy process. It turns out that a package used by the npm-based phantomjs installer does not work on Node.js 4.x. This makes it really inconvenient if you need 4.x for other things. The blame for this bug goes to the ncp package, a phantomjs installer dependency, for failing to do version sniffing correctly.

PhantomJS: no further 1.9 release

Another way to get rid of the warning/error message would be to install a fixed 1.9.x PhantomJS. However, any further 1.9.x release has been denied, although the issue is actually fixed in the repository.

Hacking around

There is a workaround to avoid the message. It involves shutting down PhantomJS in a setTimeout handler. The workaround can be fitted to CasperJS as well, at some cost in code verbosity. Currently it seems to be the only sane solution.
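
The workaround described above, as an added example (not code from the original post or from the PhantomJS or CasperJS projects). `makeDeferredExit` is a hypothetical helper, the URL is a constructed placeholder, and the CasperJS line in the closing comment is an assumed usage.

```javascript
// Added example. ES5 only, since PhantomJS 1.9.x predates ES2015 syntax.

// Returns a function that ends the process on a later event-loop turn instead
// of from inside the calling callback. `runtime` is the PhantomJS `phantom`
// object (anything with exit(code)); `schedule` defaults to setTimeout and is
// a parameter only so the behaviour can be checked without a real timer.
function makeDeferredExit(runtime, schedule) {
  var requested = false;
  schedule = schedule || setTimeout;
  return function deferredExit(code) {
    if (requested) { return false; }   // ignore repeated exit requests
    requested = true;
    schedule(function () { runtime.exit(code || 0); }, 0);
    return true;
  };
}

// Stand-alone PhantomJS script: load a page, then leave via the deferred exit.
if (typeof phantom !== 'undefined') {
  var leave = makeDeferredExit(phantom);
  var page = require('webpage').create();
  page.open('http://localhost:8080/', function (status) {   // constructed URL
    console.log('load status: ' + status);
    leave(status === 'success' ? 0 : 1);   // not phantom.exit() directly
  });
}

// Under CasperJS (assumed usage, same idea in the run() completion callback):
//   casper.run(function () { makeDeferredExit(phantom)(0); });
```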

