Android Webview: Scripts may close only the windows that were opened by it
I am loading a particular url
Afterwords I am redirecting it to some other domain and then coming back to my domain. Then I try to close the window in my javascript (window.close()). I get the below error while debugging remotely on chrome developer tools
Scripts may close only the windows that were opened by it.
I am getting the above error even though I am on the same domain with which I opened it.
Any help would be very much appreciated. Thank you.
1 Answer 1
This answer will be from Android App Developer perspective. I hope it will help someone.
The problem was very similar for me: I was opening a web site via webview, and some of the links were opening in a new window. The thing is that webview cannot work with web windows out of the box. I mean, it can be possible, but not as expected (in my case, when a link was opened in a separate window from javascript perspective, it were overriding previously opened page, and cannot be closed with a window.close() from javascript, which eventually were causing a state loss on a previous page).
So the task in my case was to open a single link in a window and go back to previous page without any state loss. That was my solution. I had two separate WebView s — one as a main one, and one for links in window. To be able to react on a «link in new window» event, I’ll configured main webView with this code:
We need only onCreateWindow callback to override in main webView chrome client, since it will only open new windows. And also allow a multiwindow support in webView.settings . When an onCreateWindow callback triggers, do the following:
Basically we’re sending this (create window) request to a separate webView . In it we should also allow a multiwindow support and attach a chrome client, in wich we should listen only onCloseWindow event, since this webView should behave as a window. When onCloseWindow triggers, we’re just closing (hiding/removing) webView that should act as a window, and returning to the main one. Here isWebWindowOpened method call just checks if the windowWebView is not null and visible.
The only thing I can mention, is that when a windowWebView is opened, onBackPressed action should close it calling handleCloseWebWindowRequest .
window.close() Won’t Close #3119
Comments
Copy link Quote reply
MehmetKursat commented Feb 21, 2015
Have an element like this:
after clicking on it, running window.close() gives this error:
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
Copy link Quote reply
liyingzh commented Feb 27, 2015
It’s not reproduced.
The window closed correctly with click here in nw v0.12.0-rc1.
Copy link Quote reply
SystemZ commented Mar 5, 2015
I had the same issue like @FiatPax using nwjs-v0.12.0-rc1-linux-x64 build.
Solution was. restarting nw.js.
Seems that refresh from toolbar is blocking window.close()
Copy link Quote reply
FFAxKenny commented Mar 23, 2015
Was able to reproduce the issue; @SystemZ is right — the refresh from the toolbar appears to be blocking window.close() since it spawns a new page? Appears to be a browser security feature.
Copy link Quote reply
fucazu commented Mar 23, 2015
You can close using this function
Copy link Quote reply
FFAxKenny commented Mar 24, 2015
@fucazu: the issue still occurs for me if i use the call that comes from gui.Window.get(). Can you confirm?
Copy link Quote reply
fucazu commented Mar 24, 2015
@FFAxKenny: I was able to reproduce the error. Using the function that I suggest its a workaround for this issue.
Copy link Quote reply
benag commented Aug 2, 2015
var gui = require(‘nw.gui’);
var win = gui.Window.get();
win.close();
doesn’t always work in framless window.
Copy link Quote reply
mitselek commented Oct 28, 2015
+1: Can’t close frameless window on osx with window.close()
Copy link Quote reply
Christywl commented Aug 14, 2017
I can’t reproduce on nwjs-sdk-v0.24.2. Please run your test on the latest nwjs build.
Copy link Quote reply
Christywl commented Oct 9, 2017
close until there is more information.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
window.close and self.close do not close the window in Chrome
The issue is that when I invoke window.close() or self.close() it doesn’t close the window. Now there seems to be a belief that in Chrome you can’t close by script any window that is not script created. That is patently false but regardless it is supposed to still do it, even if it requires to pop up an alert to confirm. These are not happening.
So does anyone have real, functional and proven method of closing a window using something like javascript:window.close() or javascript:self.close() that actually does what is expected and something that happens just fine in every browser that is NOT Chrome based? Any suggestions would be greatly appreciated and I am looking for Javascript specific solution, nothing JQuery or third party implementation.
Update: While much of what has been suggested has serious limitations and usability issues, the latest suggestion (specific to TamperMonkey) using // @grant window.close in the script header will often do the trick even on those tabs that normally can’t handle the close method. While not entirely ideal and doesn’t generalized to every case, it is a good solution in my case.
16 Answers 16
Ordinary javascript cannot close windows willy-nilly. This is a security feature, introduced a while ago, to stop various malicious exploits and annoyances.
The close() method on Window objects should, if all the following conditions are met, close the browsing context A:
- The corresponding browsing context A is script-closable.
- The browsing context of the incumbent script is familiar with the browsing context A.
- The browsing context of the incumbent script is allowed to navigate the browsing context A.
A browsing context is script-closable if it is an auxiliary browsing context that was created by a script (as opposed to by an action of the user), or if it is a browsing context whose session history contains only one Document.
This means, with one small exception, javascript must not be allowed to close a window that was not opened by that same javascript.
Chrome allows that exception — which it doesn’t apply to userscripts — however Firefox does not. The Firefox implementation flat out states:
This method is only allowed to be called for windows that were opened by a script using the window.open method.
If you try to use window.close from a Greasemonkey / Tampermonkey / userscript you will get:
Firefox: The error message, » Scripts may not close windows that were not opened by script. »
Chrome: just silently fails.
The long-term solution:
The best way to deal with this is to make a Chrome extension and/or Firefox add-on instead. These can reliably close the current window.
However, since the security risks, posed by window.close , are much less for a Greasemonkey/Tampermonkey script; Greasemonkey and Tampermonkey could reasonably provide this functionality in their API (essentially packaging the extension work for you).
Consider making a feature request.
The hacky workarounds:
Chrome is currently was vulnerable to the «self redirection» exploit. So code like this used to work in general:
This is buggy behavior, IMO, and is now (as of roughly April 2015) mostly blocked. It will still work from injected code only if the tab is freshly opened and has no pages in the browsing history. So it’s only useful in a very small set of circumstances.
However, a variation still works on Chrome (v43 & v44) plus Tampermonkey (v3.11 or later). Use an explicit @grant and plain window.close() . EG:
Thanks to zanetu for the update. Note that this will not work if there is only one tab open. It only closes additional tabs.
Firefox is secure against that exploit. So, the only javascript way is to cripple the security settings, one browser at a time.
You can open up about:config and set
allow_scripts_to_close_windows to true .
If your script is for personal use, go ahead and do that. If you ask anyone else to turn that setting on, they would be smart, and justified, to decline with prejudice.
There currently is no equivalent setting for Chrome.