richdocuments icon indicating copy to clipboard operation
richdocuments copied to clipboard
verified publisher icon nextcloud

Crash when nextcloud is inside an iframe

Open jnoel974 opened this issue 2 years ago • 3 comments

Describe the bug When Nextcloud is inside an iframe, the new code for a dark interface crashes the richdocuments app.

To Reproduce Steps to reproduce the behavior:

  1. Have nextcloud in an iframe
  2. Open a richdocument file

Expected behavior The document should open

Client details:

  • OS: archlinux
  • Browser firefox
  • Version: 118.0
  • Device: desktop

Server details

Operating system: Debian 11

Web server: Apache

Database: Mysql

PHP version: 8.2

Nextcloud version: 27.1.1

Version of the richdocuments app 8.2

Version of Collabora Online 22.05.12.2

The call to "parent.document.body.dataset" inside "src/helpers/coolParameters.js" (lines 35 and 36) causes an error because I think the code is trying to access the site containing the iframe and not nextcloud. There should be a way to access the parent just above and not the root site. I don't know if this is possible? But by setting the 2 variables nextcloudDarkMode and matchedDarkMode to false, it works again.

Browser log

The javascript console log :

Permission denied to access property "document" on cross-origin object

jnoel974 avatar Sep 30 '23 07:09 jnoel974

Right, we can actually just use document.body if available. Parent calls are just needed for the public page still as we have the nested iframes there.

Edit: Maybe we just use something like this to check which one to use (untested):

const dataSet = document.body.dataset?.themeDark ? document.body.dataset : parent.document.body.dataset
const nextcloudDarkMode = dataset?.themeDark === '' || dataset?.themeDarkHighcontrast === ''
const matchedDarkMode = dataset?.themeDefault === '' ? systemDarkMode : nextcloudDarkMode

juliusknorr avatar Oct 12 '23 11:10 juliusknorr

also after the latest fix, the error still happens. I'm running latest richdocument app (8.3.4)

I have embedded nextcloud inside an iframe like

outer frame is mydomain.de nextcloud frame is nextcloud.mydomain.de

and I get the error "DOMException: Permission denied to access property "document" on cross-origin object"

I thin you should catch this kind of errors and just ignore, because it is not allowed to access the outer frame

HolgerHees avatar Apr 13 '24 07:04 HolgerHees

Agreed that this fix does not resolve the issue, even in richdocument app 8.5.0.

Current problematic line is line 34:

const dataset = (document.body.dataset.themes ? document.body.dataset : parent?.document.body.dataset) ?? {}

Which still includes a problematic parent call in an iframe setup.

Changing to:

const dataset = (document.body.dataset.themes ? document.body.dataset : {}) ?? {}

Resolves the issue. Is that parent call even necessary? If not, above code is simple fix. Otherwise, would need to add some wrapper code to check if document.location == parent.location prior to trying to access anything on the parent.

s0kr8s avatar Apr 18 '24 04:04 s0kr8s