element-hq / element-web

A glossy Matrix collaboration client for the web.
https://element.io
GNU Affero General Public License v3.0

Etherpad doesn't work in recent Chrome #12900

Closed rkfg closed 4 years ago

rkfg commented 4 years ago

Description

Etherpad widget shows an error on loading in Chrome 80. The error says

An error occurred
The error was reported with the following id: '<redacted>'
Please press and hold Ctrl and press F5 to reload this page, if the problem persists please send this error message to your webmaster:
'ErrorId: DRZzGT6IVQQKtTWm9tzH
URL: https://scalar.vector.im/etherpad/p/<redacted>?showControls=true&showChat=false&chatAndUsers=false&alwaysShowChat=false&showLineNumbers=true&useMonospaceFont=false&userName=<redacted>
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
Uncaught TypeError: Cannot read property 'setStateIdle' of null in https://scalar.vector.im/etherpad/javascripts/lib/ep_etherpad-lite/static/js/pad.js?callback=require.define at line 3'

Steps to reproduce

The pad should open normally like it does in Firefox or in the desktop client. It also works fine in Chrome if opened in a separate tab but breaks in the iframe inside the page. Probably a security issue.

Logs being sent: no


turt2live commented 4 years ago

Seems to be working fine for me: [image]

Looks like you might have some extension or browser feature blocking something it needs.

rkfg commented 4 years ago

I use a clear new profile and Riot from riot.im: [screenshots: 2020-03-27_18-34-13, 2020-03-27_18-33-51]

rkfg commented 4 years ago

Maybe this could be of use: [screenshot: 2020-03-27_18-37-18]

When I press the popout button it loads fine in a new tab and there are no such errors in the console.

rkfg commented 4 years ago

I think this is the root of the issue. Indeed, `document.cookie` doesn't work in Etherpad inside an iframe. And this reply describes the solution. Disabling both these settings works around the new security restrictions:

In Chrome beta 81.0.4044.83 there's a warning in the console:

A cookie associated with a cross-site resource at http://scalar.vector.im/ was set without the
`SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if
they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under
Application>Storage>Cookies and see more details at
https://www.chromestatus.com/feature/5088147346030592 and
https://www.chromestatus.com/feature/5633521622188032.

but Etherpad works fine. Looks like only Chrome 80.0.3987.149 is affected. Click the buttons on https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie and if the alert is empty then you're also affected and need that workaround.

Another interesting moment is that this behavior and message are different in Chrome 80.0.3987.149 and Chromium 80.0.3987.149 (absolutely the same version). Chromium reports the same message as above but Chrome says:

A cookie associated with a cross-site resource at http://mdn.mozillademos.org/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

The same message, but about scalar.vector.im, appears in the console of the affected Chrome: [screenshot: 2020-03-27_23-31-06]

It appeared too early so I didn't even notice it. So I guess it's a bugged Google build that's too strict by default, but it's still good to know about that.

Considering that this has already been reported, it's probably a good time to update your Etherpad on scalar before it hits everyone else on Chrome 83.
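
Added example, not part of the original thread and not Etherpad's or Element's code: the rule stated in the two console messages quoted above, applied to `Set-Cookie` headers of a page that is loaded in a cross-site iframe. The function names, the `enforced` switch and the sample cookies are constructed for illustration; unrecognised `SameSite` values are assumed to be handled like a missing attribute.

```javascript
// Split one Set-Cookie value into the cookie name and its attributes
// (attribute names lowercased, flag attributes stored as "").
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const name = pair.split("=")[0];
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? "" : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

// enforced=true models a build that blocks (the "It has been blocked" message);
// enforced=false models a build that only prints the "future release" warning.
function crossSiteVerdict(header, enforced = true) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite = (attrs.samesite || "").toLowerCase();
  const secure = "secure" in attrs;
  if (sameSite === "strict" || sameSite === "lax") {
    return { name, verdict: "blocked", why: `SameSite=${sameSite} is not available in a cross-site iframe` };
  }
  if (sameSite === "none" && secure) {
    return { name, verdict: "ok", why: "SameSite=None with Secure" };
  }
  const why = sameSite === "none" ? "SameSite=None without Secure" : "missing or unrecognised SameSite";
  return { name, verdict: enforced ? "blocked" : "warned", why };
}

// Constructed sample headers (cookie names and values are made up).
const SAMPLE_HEADERS = [
  "sid=abc123; Path=/; HttpOnly",
  "prefs=%7B%7D; Path=/; SameSite=None",
  "token=t.xyz; Path=/; Secure; SameSite=None",
  "lang=en; Path=/; SameSite=Lax",
];

// Audit a list of Set-Cookie headers for use inside a cross-site iframe.
function auditHeaders(headers, enforced = true) {
  return headers.map((h) => crossSiteVerdict(h, enforced));
}

for (const r of auditHeaders(SAMPLE_HEADERS)) {
  console.log(`${r.verdict.padEnd(7)} ${r.name}: ${r.why}`);
}
```

`Secure` cookies are only accepted over HTTPS, so an embedded page served over plain `http://` cannot satisfy the rule at all.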

turt2live commented 4 years ago

I've raised this with the Scalar team to hopefully resolve soon. I still can't personally reproduce it, but all the links you've included here do indicate an impending problem.

rkfg commented 4 years ago

If it helps, my google-chrome-stable is installed from `deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main`; the full version string in that repo is 80.0.3987.149-1. As of now there's no more recent version available except google-chrome-beta 81.0.4044.83-1 and google-chrome-unstable 83.0.4093.3-1, both of which don't block these cookies, so the issue doesn't arise. Thanks for pushing the issue forward, hopefully it'll get resolved soon.

bbigras commented 4 years ago

Any progress on this?

t3chguy commented 4 years ago

Looks like an upstream issue which has been fixed and Etherpad needs updating: https://github.com/ether/etherpad-lite/issues/3405, https://github.com/ether/etherpad-lite/issues/3691

jaywink commented 4 years ago

This should hopefully be fixed now with an update to the latest Etherpad release. Please reopen or comment with issues if this is not the case for you.