Closed dpix closed 6 years ago
I'm seeing the error described in this stackoverflow question when calling appboy.openSession: https://stackoverflow.com/questions/39712455/indexdb-dom-exception-18-security-ios-10-iframe
As part of Safari's "Intelligent Tracking Prevention" they basically disable third party cookies in an Iframe when the user has not visited the page outside of an Iframe previously. Appears that this is also the case for access for IndexedDB.
The MDN article does note:
Third party window content (e.g. content) can access the IndexedDB store for the origin it is embedded into, unless the browser is set to never accept third party cookies (see bug 1147821.)</p> </blockquote> <p><a rel="noreferrer nofollow" target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API/Using_IndexedDB#Security">https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API/Using_IndexedDB#Security</a></p> <p>Looks like you need a check to see if you can set third party cookies, and if not fall back to another storage medium.</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/froodian"><img src="https://avatars.githubusercontent.com/u/1547435?v=4" />froodian</a> commented <strong> 6 years ago</strong> </div> <div class="markdown-body"> <p>Hi @dpix, thanks for reporting this issue.</p> <p>In our standard integration, the SDK is integrated into the page directly instead of in an iframe, which has been tested with Safari's "Intelligent Tracking Prevention," but our goal is of course to make our SDK as flexible, resilient, and cross-browser consistent as possible, so I consider this a bug. We're investigating ways we can avoid this issue and will get back to you. </p> <p>Thanks again.</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/dpix"><img src="https://avatars.githubusercontent.com/u/1099801?v=4" />dpix</a> commented <strong> 6 years ago</strong> </div> <div class="markdown-body"> <p>Thanks @froodian</p> <p>I'm not specifically using the SDK inside an IFrame. I work on a payments platform where our web app is often loaded into a merchant's website via an IFrame. Other times, users go directly to the site in the top frame of the browser which works perfectly well. Does that fall outside of a "standard integration"?</p> <p>Anyway, thanks for investigating!</p> <p>Cheers, Dan</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/froodian"><img src="https://avatars.githubusercontent.com/u/1547435?v=4" />froodian</a> commented <strong> 6 years ago</strong> </div> <div class="markdown-body"> <p>Hi @dpix - thank you for your patience - version 2.2.3 of the SDK has now been released to <a href="https://js.appboycdn.com/web-sdk/2.2/appboy.min.js">https://js.appboycdn.com/web-sdk/2.2/appboy.min.js</a> / <a href="https://js.appboycdn.com/web-sdk/2.2/service-worker.js">https://js.appboycdn.com/web-sdk/2.2/service-worker.js</a> and based on our testing should hopefully resolve this issue. Let me know if you still see this issue with the latest version of the Web SDK.</p> </div> </div> <div class="page-bar-simple"> </div> <div class="footer"> <ul class="body"> <li>© <script> document.write(new Date().getFullYear()) </script> Githubissues.</li> <li>Githubissues is a development platform for aggregating issues.</li> </ul> </div> <script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js"></script> <script src="/githubissues/assets/js.js"></script> <script src="/githubissues/assets/markdown.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/go.min.js"></script> <script> hljs.highlightAll(); </script> </body> </html>
I'm seeing the error described in this stackoverflow question when calling appboy.openSession: https://stackoverflow.com/questions/39712455/indexdb-dom-exception-18-security-ios-10-iframe
As part of Safari's "Intelligent Tracking Prevention" they basically disable third party cookies in an Iframe when the user has not visited the page outside of an Iframe previously. Appears that this is also the case for access for IndexedDB.
The MDN article does note: