Blocked script execution in because the document's frame is sandboxed - Angular application

Question

I have strange problem - when deploying app (pure angular application with rest api) to production server and accessing its url via link from other site (ref from email for example) I have got blank page - firefox say nothing, chrome says

Blocked script execution in 'URL of website' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

and blocks all my .js files...

what does it means? I have found on the Internet something about iframes but I have no iframes in my site...

Strangest thing in my opinion is that if I access that link directly everything works without any problem...

So how to avoid to this behaviour?

Thanks for any reply

Answer 1

The error message warns that an Iframe is sand-boxed without a proper privileges

Yes, you are clicking in an iFrame. This is an example of a sand-boxed iFrame.

<iframe sandbox src="http://usercontent.example.net/getusercontent.cgi?id=12193"></iframe>

If you inspect element on GMail, you will notice iFrames everywhere. The sandbox attribute is not always automatically attached, because the sandbox attribute controls what is allowed.

When a pop-up is needed, the attribute will change

<iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms" src="http://usercontent.example.net/getusercontent.cgi?id=12193"></iframe>

This is done to protect the user and the mail application from XSS

The iFrame has to allow pop-ups, new windows, or scripts. Whatever you are trying (probably just navigation), the action is being blocked by a sandbox.