Rocket.Chat icon indicating copy to clipboard operation
Rocket.Chat copied to clipboard

Published 20 hours ago verified publisher icon RocketChat

Block third-party cookies

Open vivekkhatri opened this issue 5 years ago • 8 comments

As per the news, Google is planning to block third-party cookies in chrome browser by default. If that happens, I guess Rocket Chat won't be able to load while integrated within an iframe in a system hosted on different domain. I have tried modifying that setting in browser to reproduce the possible issue and certainly Rocket Chat in iframe didn't load. Although, the error occurred on "app/ui-utils/client/config.js" line no. 5 and the error in browser console says "failed to read the 'localstorage' property from 'window' access is denied for this document". Hence, regardless the browser setting name says "cookies", it will block all the storage areas of the browser. Anyone have any thoughts or workarounds when this setting is turned on by default in browsers?

Reference: https://www.bleepingcomputer.com/news/google/google-chrome-starts-testing-third-party-cookie-blocking/

vivekkhatri avatar Oct 19 '19 05:10 vivekkhatri

Any news on this?

neil-119 avatar Feb 10 '20 08:02 neil-119

This was fixed , and is configurable in the admin side of chat server. Go to administration -> General or https://chatserver-domain/admin/General , check off the Restrict access inside any Iframe option .

obonyojimmy avatar May 08 '20 19:05 obonyojimmy

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Jul 21 '20 00:07 github-actions[bot]

Even having "Restrict access inside any Iframe" set to off issue still can be reproduced, any suggestions or plans to fix iframe integraion?

radukg avatar Aug 13 '20 09:08 radukg

Issue still persisting with option disabled. Any updates?

MetahumanFamily avatar Jan 03 '21 16:01 MetahumanFamily

I still have this also on 3.11.0 with "Restrict access inside any Iframe" disabled

wizhippo avatar Feb 02 '21 15:02 wizhippo

I believe the the issue stems from

https://github.com/RocketChat/Rocket.Chat.Livechat/blob/03bee24daf382ccf555f1a1937624727689203da/src/store/Store.js#L4

Here when window is destructed it try to access window.localStorage which throws the error.

We could check for this such as

try { const { localStorage, sessionStorage } = window; } catch (e) { const { sessionStorage } = window; }

And later in persist skip persisting if localStorage is not available.

Thoughts?

wizhippo avatar Feb 02 '21 16:02 wizhippo

I would really appreciate if this would be included in Rocket.Chat!

jschirrmacher avatar Dec 23 '22 13:12 jschirrmacher

Seems like this has been fixed already. Please make a new report if the issue persists.

gabriellsh avatar Sep 19 '23 15:09 gabriellsh