Closed bigopon closed 4 years ago
I saw different error. Somehow brave prevented the nested iframe (the embedded app iframe in the dumber-gist example iframe).
__boot-up-worker.html:1 Uncaught (in promise) DOMException: Failed to register a ServiceWorker for scope ('https://5887cc0e17694eb2261c5e6d2776b600.gist.dumber.app/') with script ('https://5887cc0e17694eb2261c5e6d2776b600.gist.dumber.app/__dumber-gist-worker.js'): The user denied permission to use Service Worker.
So, i checked and saw this
The cookies at [hash].gist.dumber.app is blocked, even with my allowance for:
It seems [hash].gist.dumber.app
is considered a different site
and it seems to work fine on FF for me now, after I added the same config above
It also works fine on Chrome after the permission above
I am confused why Chrome and Brave (save engine) requires cross-origin cookie for service worker to work.
There is no doc said service worker needs cookie at all. I could not find any clear explanation.
In comparison, even I turn on "block all cookies" in Safari, dumber-gist still works in iframe. Safari clearly didn't check cookie permission for service worker.
Dumber-gist itself uses no cookie at all.
One thing might be related, cloudflare created a cookie __cfduid
on domain .dumber.ap
.
Thats a lot of issues. Though codesandbox works for me in iframe
Probably my limited understanding on service worker.
codesandbox can fall back to use backend, that might help.
Will try sandbox attribute tomorrow https://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/
I guess both brave and safari had implicitly turned on some sandbox on iframe without sandbox attribute. They manifested into different issues.
allow-same-origin is probably the critical restriction to be lift off.
Nope :-(
It didn't help Brave with sandbox="allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts"
.
Although the additional sandbox attribute still worked in other browsers.
It did fix brave by turning off one config in brave shields.
Cookies, from "Only block cross-site cookies" to "All all cookies".
BTW, it's hyper confusing that Chromium (and Brave) uses term "cookies" to mean "cookies, and localStorage and few other things".
Turning shields off also worked for me.
I need to detect brave browser (and shields if possible), then tell user what to do if service worker didn't boot up after timeout.
Partially addressed this issue by telling user what to do when service worker failed.
@bigopon is this considered "fixed"? Dumber gist now shows some readable error message on failed service-worker, notifies user how to get around browser issue.
Yes, thanks @3cp . The solution is to upgrade to latest Brave
Simply navigate to https://buttonwoodcx.github.io/doc-bcx-validation/examples/foreach-and-nested on Brave browser, can't seem to get it to work even when turning off the shield
Getting FS errors, something like this: