manuelwedler
commented
2 months ago The issue seems to be that we are opening the link from an sandboxed iframe and the blockscout server sets this http header: cross-origin-opener-policy: same-origin
Open manuelwedler opened 2 months ago
manuelwedler
commented
2 months ago The issue seems to be that we are opening the link from an sandboxed iframe and the blockscout server sets this http header: cross-origin-opener-policy: same-origin
manuelwedler
commented
1 month ago I think this problem will actually not persist once the plugin is a native Remix plugin, because it won't be running inside an iframe anymore. Therefore, I'm closing this issue.
manuelwedler
commented
1 month ago I was wrong about the assumption that it won't be running in an iframe. If there isn't a fix for this we might have to disable Blockscout links.
manuelwedler
commented
1 month ago Had a look at the problem again and it seems adding allow-popups-to-escape-sandbox to the iframe's sandbox attribute would solve it. I will ask the Remix team if it will be possible to add it.
Here is a minimal reproduction btw: https://gist.github.com/manuelwedler/b39f3fe377f39683c2128138c3d4e5a0
When clicking the link to the contract code on Blockscout, the
Blockscout instance blocks the http requestbrowser blocks loading the resource. The URL seems to be fine as copying it to a fresh tab works. I think this might be related to the http request origin. We need to see if it is fixable, or otherwise report it to Blockscout.