I am trying to add a Google Plus button to my site, and keep getting JavaScript safety warnings, despite the fact that I am using Google's recommended code, on Chrome.
I have reproduced the errors with code copied straight from Google Webmaster's recommended code, with no other additions:
<html itemscope itemtype="http://schema.org/">
<head>
<meta itemprop="name" content="Title">
<meta itemprop="description" content="Description">
</head>
<body>
<g:plusone annotation="inline"></g:plusone>
<script type="text/javascript">
(function() {
var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
po.src = 'https://apis.google.com/js/plusone.js';
var s = document.getElementsByTagName('script')\[0\]; s.parentNode.insertBefore(po, s);
})();
</script>
</body>
Load this in Chrome (15 on Mac), and the developer console warns:
Unsafe JavaScript attempt to access frame with URL http://mydomain.com/
from frame with URL https://plusone.google.com/_/+1/fastbutton?url=http%3A%2F%2Fmydomain.com%2F&size=standard&count=true&annotation=inline&hl=en-US&jsh=m%3B%2F_%2Fapps-static%2F_%2Fjs%2Fwidget%2F__features__%2Frt%3Dj%2Fver%3Dt6mt7PFQYRQ.en_GB.%2Fsv%3D1%2Fam%3D!agWx4Vf_ACSIFA91ZQ%2Fd%3D1%2F#id=I1_1323174311773&parent=http%3A%2F%2Fmydomain.com&rpctoken=352111652&_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe.
Domains, protocols and ports must match.
Is the Google Webmaster recommended code simply unsafe? Or have I done something wrong?
This is a common warning thrown by social plugins. Twitter and Facebook plugins usually throw this warning too. You can safely ignore it.