OneSignal-Website-SDK icon indicating copy to clipboard operation
OneSignal-Website-SDK copied to clipboard

Published 20 hours ago verified publisher icon OneSignal

OneSignal.isPushNotificationsEnabled() does not work in Safari iframe

Open jones-rr opened this issue 4 years ago • 13 comments

Description:

code connected to isPushNotificationsEnabled() tries to call IDBFactory.open() which throws a security exception when called inside an iframe in Safari.

Steps to Reproduce Issue:

  1. a.html:

<html><body><iframe src=b.html></iframe></body></html>

  1. b.html:
<html><body>
<script src="https://cdn.onesignal.com/sdks/OneSignalSDK.js" async=""></script>
<script>
var OneSignal = window.OneSignal || [];
OneSignal.push(function() {
	OneSignal.init({
		appId: "...",
	});
	OneSignal.isPushNotificationsEnabled(function(b) {
		console.log ('push enabled: '+b);
	});
});
</script>
</body></html>
  1. Open a.html in Safari. Open developer tools. In debug panel, put a break point for "All Exceptions". Reload.
  2. Security Exception thrown trying to IDBFactory.open().

jones-rr avatar Dec 18 '19 18:12 jones-rr

Thank you for reporting

rgomezp avatar Jan 02 '20 19:01 rgomezp

Note this prevents the solution recommended on your page:

When user is subscribed to my.example.com, open an iframe to www.example.com. Call OneSignal.isPushNotificationsEnabled() in the iframe, which will return true for this user. Call OneSignal.setSubscription(false) in the iframe to unsubscribe the user from www.example.com, since they are already subscribed to my.example.com.

https://documentation.onesignal.com/docs/web-push-complex-integrations#section-override-subscription-status

Currently we are not sure how to implement OneSignal with a site that uses www1.example.com, www2.example.com, etc. since the recommended solution does not work.

jones-rr avatar Jan 02 '20 20:01 jones-rr

This is what happens when running my app in the Brave browser.

image

ejlocop avatar Mar 11 '20 10:03 ejlocop

@jones-rr , sorry for the delay. Are you still seeing the issue?

rgomezp avatar Apr 07 '20 22:04 rgomezp

@ejlocop , unfortunately Brave is not currently a supported browser. We hope to add support soon

rgomezp avatar Apr 07 '20 22:04 rgomezp

@rgomezp last time I checked - yes. Our site has www1.example.com, www2.example.com, etc. and we are not sure how to implement web push for this case, since the OneSignal recommendation is iframe but that is not supported for Safari.

jones-rr avatar Apr 07 '20 22:04 jones-rr

@jones-rr , Can you confirm your site is HTTP and not HTTPS?

rgomezp avatar Apr 07 '20 22:04 rgomezp

@rgomezp it's all https

jones-rr avatar Apr 07 '20 22:04 jones-rr

My mistake. Understood. Can you include a full stack trace that includes more than just the database security exception:?

rgomezp avatar Apr 07 '20 22:04 rgomezp

@rgomezp see attached Screen Shot 2020-04-08 at 4 27 30 PM

jones-rr avatar Apr 08 '20 21:04 jones-rr

Howdy, Thanks for the screenshot. Would you be willing to share your site URL so we can take a look ourselves?

rgomezp avatar Apr 22 '20 21:04 rgomezp

Closing due to no response

rgomezp avatar Jun 16 '20 00:06 rgomezp

You can close it if you want, but whether or not I can publish a live link on our site that you can use to investigate does not mean it's not a bug.

Reproduce it yourself using the instructions I gave up above.

jones-rr avatar Jun 16 '20 03:06 jones-rr

Using an iframe to share data between multiple domains an end-user visits isn't going to work any more due to Chrome's CHIPS / Storage Partitioning. Also, Safari already does this as well.

@jones-rr Is this your use case?

jkasten2 avatar Aug 16 '23 02:08 jkasten2