BUG: cannot login if localstorage / sessionstorage (privacy) was disabled on Chrome

[adrienjoly]

identified from https://js-code.herokuapp.com (js qcm 5) by alexandre blanc.

cause:

when localstorage was disabled by the user on Chrome, the google-signin element fails to load:

644096210-idpiframe.js:12 Uncaught DOMException: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.(…)

same problem cited there:

• Google Sign-in doesn't do anything when I block 3rd party cookies => "gapi.auth2 requires third-party cookies to be allowed" (source, nov 2016)
• Add Google Sign-in without using iframe, no solution given
• Google Sign-in does nothing when 3rd party cookies are disabled => solution: detect if third party cookies are enabled
• Client doesn't work if third-party session storage is disabled
• similar: Google signin not working in safari private mode => solution: detect storage capability and warn user

solutions:

1) re-enable localstorage on Chrome: http://stackoverflow.com/questions/24456891/iframe-in-chrome-error-uncaught-securityerror-failed-to-read-the-sessionstora

2) add accounts.google.com to exception list: https://github.com/GoogleWebComponents/google-signin/issues/99 (instructions en français)

[adrienjoly]

for reference, full error:

Uncaught DOMException: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.
    at x.C (https://ssl.gstatic.com/accounts/o/1921062015-idpiframe.js:12:285)
    at Object.k.ub (https://ssl.gstatic.com/accounts/o/1921062015-idpiframe.js:8:121)
    at S.h.start (https://ssl.gstatic.com/accounts/o/1921062015-idpiframe.js:50:170)
    at Object.Bb [as startIdpIFrame] (https://ssl.gstatic.com/accounts/o/1921062015-idpiframe.js:84:713)
    at https://accounts.google.com/o/oauth2/iframe:1:414

[adrienjoly]

Behavior tests:

• Block sites alone => console error + google warns that cookies are disabled
• Block 3rd-party cookies alone => console.error + google login silently fails ⚠️
• whitelist accounts.google.com +Block sites => works without error √
• whitelist accounts.google.com +Block 3rd-party cookies => works without error √

[adrienjoly]

https://github.com/GoogleWebComponents/google-signin/issues/99#issuecomment-287895202 => suggestion: have a timeout display a message to the user, after a few seconds without successful login.

[adrienjoly]

Closing in favor of #58.