
iFrame is not accessible on incognito chrome window #87901

Closed
bhavyarm opened this issue Jan 11, 2021 · 7 comments
Labels
bug Fixes for quality problems that affect the customer experience Feature:Embedding Embedding content via iFrame impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@bhavyarm (Contributor)

Kibana version: 7.11.0 latest snapshot

Elasticsearch version: 7.11.0 latest snapshot

Server OS version: darwin_x86_64

Browser version: chrome latest (incognito window)

Browser OS version: OS X

Original install method (e.g. download page, yum, from source, etc.): from staging

Describe the bug: If a user tries to open an iFrame from Kibana in an incognito window, Kibana displays:

Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.

Please note Safari/Firefox private windows don't have this problem. The iFrame is also accessible in a regular (not incognito) window.

[Screenshot: Screen Shot 2021-01-11 at 2 24 34 PM]

Please note it works fine if the user turns off the setting which blocks third-party cookies in a Chrome incognito window:

Block third-party cookies When on, sites can't use cookies that track you across the web. Features on some sites may break.

[Screenshot: Screen Shot 2021-01-11 at 2 25 10 PM]

Errors in browser console (if relevant):

localhost:5601/37533/bundles/core/core.entry.js:13 Uncaught (in promise) DOMException: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.
@bhavyarm bhavyarm added bug Fixes for quality problems that affect the customer experience Feature:Embedding Embedding content via iFrame Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Jan 11, 2021
@elasticmachine (Contributor)

Pinging @elastic/kibana-security (Team:Security)

@legrego legrego added the Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc label Jan 11, 2021
@elasticmachine (Contributor)

Pinging @elastic/kibana-core (Team:Core)

@pgayvallet (Contributor)

pgayvallet commented Jan 12, 2021

I think this is behavior from chrome that we don't have any control over.

Accessing the sessionStorage from an iframe seems to be considered as accessing third-party cookies by Chrome, and is disabled by default in anonymous mode, for security reasons.

Apparently, the workaround is to manually enable third-party cookies in anonymous mode from Chrome's settings page. The user will need to check all cookies here:

[Screenshot: Screenshot 2021-01-12 at 08 09 49]

We may need to document that somewhere, but that will be the only thing we can do. Manipulating the sessionStorage is mandatory for Kibana to work.

@legrego (Member)

legrego commented Jan 12, 2021

I'm not sure if this is feasible or not, but it would be great if we could test for this when Kibana is bootstrapping the client-side, and display a usable Fatal Error instead.

@pgayvallet (Contributor)

Yea, we should add some preflight checks before bootstrapping the client-side and display a clear error in that case.
We should at least check for access to localStorage and sessionStorage. Does anyone see anything else?

@legrego (Member)

legrego commented Jan 14, 2021

> Yea, we should add some preflight checks before bootstrapping the client-side and display a clear error in that case.
> We should at least check for access to localStorage and sessionStorage. Does anyone see anything else?

I think localStorage and sessionStorage should cover our needs.
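A preflight check of the kind proposed in this thread, written as an added example that is not Kibana's code: it probes localStorage and sessionStorage before bootstrap, distinguishes the Chrome case where merely reading the property throws from a silent write failure, and produces a readable fatal error instead of an uncaught exception. The fake window and probe key are constructed for the demonstration.

```javascript
// Added example (not Kibana's code): a storage preflight of the kind proposed
// above. `win` is the window-like object to probe; tests pass a constructed fake.
const STORAGE_KINDS = ['localStorage', 'sessionStorage'];
const PROBE_KEY = '__storage_preflight_probe__'; // constructed probe key

function probeStorage(win, kind) {
  try {
    // Merely reading window.sessionStorage throws a SecurityError DOMException
    // when Chrome treats the embedded frame as third-party and blocks storage.
    const storage = win[kind];
    if (!storage) return { kind, ok: false, reason: `${kind} is not available` };
    // A write round-trip catches the other classic failure: the object exists
    // but writes are rejected (QuotaExceededError in some private modes).
    storage.setItem(PROBE_KEY, '1');
    const readBack = storage.getItem(PROBE_KEY);
    storage.removeItem(PROBE_KEY);
    if (readBack !== '1') return { kind, ok: false, reason: `${kind} write did not persist` };
    return { kind, ok: true };
  } catch (err) {
    const name = (err && err.name) || 'Error';
    return { kind, ok: false, reason: `${kind}: ${name}: ${(err && err.message) || String(err)}` };
  }
}

// Run all probes before bootstrapping; the caller aborts startup when !ok.
function runStoragePreflight(win) {
  const failures = STORAGE_KINDS.map((k) => probeStorage(win, k)).filter((r) => !r.ok);
  return { ok: failures.length === 0, failures };
}

// Text for a readable fatal-error page instead of an uncaught console exception.
function renderPreflightError(failures) {
  const details = failures.map((f) => ` - ${f.reason}`).join('\n');
  return `Kibana cannot start: browser storage is not accessible.\n${details}\nIf Kibana is embedded in an iframe, the browser may be blocking third-party cookies and storage.`;
}

// Constructed fake windows for offline demonstration. `denySession` mimics the
// Chrome incognito behaviour from this issue: reading the property itself throws.
function makeFakeWindow({ denySession = false } = {}) {
  const memoryStorage = () => {
    const m = new Map();
    return { setItem: (k, v) => m.set(k, String(v)), getItem: (k) => (m.has(k) ? m.get(k) : null), removeItem: (k) => m.delete(k) };
  };
  const win = { localStorage: memoryStorage() };
  if (!denySession) { win.sessionStorage = memoryStorage(); return win; }
  Object.defineProperty(win, 'sessionStorage', { get() {
    const e = new Error("Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.");
    e.name = 'SecurityError'; throw e;
  } });
  return win;
}
```

In a real page the call would be `runStoragePreflight(window)` at the top of the bootstrap script, rendering `renderPreflightError(result.failures)` into the document when `ok` is false.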

apepper added a commit to Scrivito/scrivito_example_app_js that referenced this issue Jul 5, 2021
Google Chrome seems to treat direct access to "localStorage" in an iframe in incognito as a "third party cookie" and blocks it (see [1]).

[1] elastic/kibana#87901 (comment)
@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort labels Aug 5, 2021
@legrego (Member)

legrego commented Feb 7, 2022

Closing this in favor of #121189, which appears to be reporting the same behavior.
