Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Blocked script execution in because the document's frame is sandboxed - Angular application

I have strange problem - when deploying app (pure angular application with rest api) to production server and accessing its url via link from other site (ref from email for example) I have got blank page - firefox say nothing, chrome says

Blocked script execution in 'URL of website' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

and blocks all my .js files...

what does it means? I have found on the Internet something about iframes but I have no iframes in my site...

Strangest thing in my opinion is that if I access that link directly everything works without any problem...

So how to avoid to this behaviour?

Thanks for any reply

like image 838
jreh Avatar asked Jul 02 '14 12:07

jreh


1 Answers

The error message warns that an Iframe is sand-boxed without a proper privileges

Yes, you are clicking in an iFrame. This is an example of a sand-boxed iFrame.

<iframe sandbox src="http://usercontent.example.net/getusercontent.cgi?id=12193"></iframe>

If you inspect element on GMail, you will notice iFrames everywhere. The sandbox attribute is not always automatically attached, because the sandbox attribute controls what is allowed.

When a pop-up is needed, the attribute will change

<iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms" src="http://usercontent.example.net/getusercontent.cgi?id=12193"></iframe>

This is done to protect the user and the mail application from XSS

The iFrame has to allow pop-ups, new windows, or scripts. Whatever you are trying (probably just navigation), the action is being blocked by a sandbox.

like image 148
Dave Alperovich Avatar answered Nov 06 '22 03:11

Dave Alperovich