-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replay causes error Blocked a frame with origin <hostname> from accessing a frame with origin "https://js.stripe.com"
in Safari when Stripe payment form is on the page
#13173
Comments
Blocked a frame with origin <hostname> from accessing a cross-origin frame.
in Safari when Stripe payment form is on the pageBlocked a frame with origin <hostname> from accessing a frame with origin "https://js.stripe.com"
in Safari when Stripe payment form is on the page
Ah, it's likely that we don't check the block attribute when an |
Yeah that sounds like it could be it! |
@billyvg I've assigned this to you. Let me know if there's something we can help with. |
This fixes a bug with iframes that are dynamically added to the DOM after the snapshot is taken where it is not being blocked at all. This ensures we check if iframe is considered blocked before adding to iframe manager. Closes getsentry/sentry-javascript#13173
Upgrade Sentry to v8.28.0 This include rrweb v2.26.0 with getsentry/rrweb#212 which claims to fix getsentry/sentry-javascript#13173
@andreiborza @billyvg getsentry/rrweb#212 was just released in Sentry. I tried upgrading to v8.28.0 in my reproduction repo, but the issue is still there for me. I have confirmed that the changes from getsentry/rrweb#212 are included in the release. Would you consider reopening this issue? Here's the deployed app with the issue https://sentry-replay-stripe.vercel.app. You can find the repo in the original description. |
@jakst thanks, looks like we are attempting to attach a |
Should I interpret that as "working as intended"? Or will you investigate if there are ways around it? If the browser blocks the listener from attaching to the iframe anyway, it doesn't sound like it needs to run in this case |
No, no conclusion yet, I've just identified the code in question (and a possible side-effect). We'll have to look into this a bit more and see if conditionally attaching event listener will cause anything unintended |
I'm experiencing the same issue, but without having Replay enabled. I'm on sentry/[email protected]. |
@metalmarker thanks for chiming in. Could you provide a minimal reproduction repo or stackblitz |
This issue has gone three weeks without activity. In another week, I will close it. But! If you comment or otherwise update it, I will reset the clock, and if you remove the label "A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀 |
Not stale |
Is there an existing issue for this?
How do you use Sentry?
Sentry Saas (sentry.io)
Which SDK are you using?
@sentry/browser
SDK Version
8.22.0
Framework Version
No response
Link to Sentry event
No response
Reproduction Example/SDK Setup
Steps to Reproduce
A minimal reproduction repro with a deployed example is available at https://github.com/jakst/sentry-replay-stripe. Basically running the Sentry Replay integration when a Stripe form is rendered causes this error
Blocked a frame with origin "https://sentry-replay-stripe.vercel.app" from accessing a frame with origin "https://js.stripe.com"
.I was following along in #6560 and though the issue was resolved, but even though I have confirmed the claimed fix is present in our version of the SDK, we still get this error with the stripe form together with Sentry Replay.
Expected Result
I would expect that setting
block: ["iframe"]
allows us to render the Stripe payments form without getting any errors.Actual Result
This error is written in the console on Safari
The text was updated successfully, but these errors were encountered: