I’m working on a custom Figma plugin and running into trouble when trying to send data from my HTML interface to the main plugin code. Everything works fine until I try to use the postMessage function to communicate between the UI and backend.
Here’s my button handler code that’s causing the problem:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('null') does not match the recipient window's origin ('https://www.figma.com').
I’m developing this locally and testing it inside Figma’s browser environment. Not sure how to fix this origin mismatch issue. Any ideas on what I’m missing here?
had this issue too! just add the target origin to postMessage. use parent.postMessage({ pluginMessage: { title, author, content, themeMode, selectedOption } }, '*'). that should clear up the origin mismatch error!
This happens because postMessage needs an explicit origin parameter in Figma’s sandboxed environment. Without it, the browser defaults to ‘null’ which breaks Figma’s security policies. Adding ‘’ as the second parameter fixes this by allowing cross-origin communication. Just heads up - using '’ skips origin validation completely, so only do this if you trust the environment. For production plugins, you’d want to use ‘https://www.figma.com’ instead of the wildcard for better security.
yeah, classic figma plugin gotcha. the postMessage api needs you to specify where you’re sending the msg. change your line to parent.postMessage({pluginMessage: {title, author, content, themeMode, selectedOption}}, '*') - the asterisk accepts any origin and fixes the sandbox issue.
This happens because Figma has strict security rules for cross-origin messaging. You need to add a target origin as the second argument for postMessage to work in Figma plugins. I’ve found that using ‘*’ as the target origin usually does the trick: