Iframing a cross-domain page that invokes the Firebase JS SDK seems to result in an error.
BrowserPollConnection.ts:503 Sandbox access violation: Blocked a frame at "https://overlays.rtirl.com" from accessing a frame at "null". Both frames are sandboxed and lack the "allow-same-origin" flag.
BrowserPollConnection.ts:518 Uncaught DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame.
at Function.ji.createIFrame_ (https://overlays.rtirl.com/__/firebase/8.2.9/firebase-database.js:1:110223)
at new ji (https://overlays.rtirl.com/__/firebase/8.2.9/firebase-database.js:1:112331)
at n (https://overlays.rtirl.com/__/firebase/8.2.9/firebase-database.js:1:105983)
at Qi.open (https://overlays.rtirl.com/__/firebase/8.2.9/firebase-database.js:1:107180)
at https://overlays.rtirl.com/__/firebase/8.2.9/firebase-database.js:1:117875
If I understand same-origin policies correctly, I believe the sdk just needs to add the sandbox="allow-same-origin" attr to the created iframe element?
Hi @kevmo314, thanks for the report and apologies for the delay in response. I was able to replicate this issue using the latest SDK version 8.6.2.
Per this similar issue filed before, it's working as expected. Let me check and update this thread for the explanation as to why, or bring someone here.
I see, thanks for the link. An explanation or documentation would definitely be appreciated. At the very least if it's WAI, a better error message so others don't waste time debugging. :)
Any update on this? We are also facing this with an iframe which is sandboxed to disallow allow-same-origin.
The workaround in #123 relies on forcing WebSockets, but some firewalls block them.
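The sandbox origin rules behind the error quoted above, as a simplified model runnable in Node. This is an added example, not code from the thread or from the Firebase SDK. It assumes foo.com embeds bar.com in a sandboxed iframe and that the embedded script creates an about:blank child frame; all function names are hypothetical.

```javascript
// Parse a sandbox attribute value; null means the attribute is absent.
function parseSandbox(attr) {
  if (attr === null || attr === undefined) return null;
  return new Set(attr.split(/\s+/).filter(Boolean));
}

// Build a document model. `parent` is the embedding document (null at top level).
function createDocument({ url, sandbox = null, parent = null }) {
  const tokens = parseSandbox(sandbox);
  // The opaque-origin flag is set by this iframe's own attribute or inherited
  // from the embedder; a nested frame can add restrictions, never lift them.
  const opaque =
    (parent !== null && parent.opaque) ||
    (tokens !== null && !tokens.has('allow-same-origin'));
  let origin;
  if (opaque) {
    origin = Symbol('opaque'); // unique per document, serializes as "null"
  } else if (url === 'about:blank' && parent !== null) {
    origin = parent.origin; // about:blank inherits its creator's origin
  } else {
    origin = new URL(url).origin;
  }
  return { url, opaque, origin };
}

function serializeOrigin(doc) {
  return doc.opaque ? 'null' : doc.origin;
}

// Same-origin check that gates access such as iframe.contentWindow.document.
function canAccess(a, b) {
  return a.origin === b.origin;
}

// Assumed scenario: foo.com embeds bar.com, whose script creates a blank child iframe.
function scenario(embedSandbox, childSandbox = null) {
  const top = createDocument({ url: 'https://foo.com/' });
  const embedded = createDocument({ url: 'https://bar.com/', sandbox: embedSandbox, parent: top });
  const child = createDocument({ url: 'about:blank', sandbox: childSandbox, parent: embedded });
  return { embedded, child, allowed: canAccess(embedded, child) };
}

// Constructed sample inputs: sandbox attribute values on the embedding iframe.
for (const attr of [null, 'allow-scripts', 'allow-scripts allow-same-origin']) {
  const r = scenario(attr);
  console.log(JSON.stringify(attr), serializeOrigin(r.embedded), '->', serializeOrigin(r.child), r.allowed);
}
```

In this model the embedded page and its child frame each receive a distinct opaque origin, so access fails even if the child iframe itself carries `allow-same-origin`; only the embedder's sandbox attribute changes the outcome.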
[REQUIRED] Describe your environment
[REQUIRED] Describe the problem
The relevant failure line is here: https://github.com/firebase/firebase-js-sdk/blob/master/packages/database/src/realtime/BrowserPollConnection.ts#L500
Steps to reproduce:
Domain foo.com:
Domain bar.com:
Should result in the above exception.