This is caused by cookie blocking `salesforce.com`, which is on the `ads-track-digest256` list (i.e., Level 1 list). When ETP is enabled, we see two `SecurityError` messages in the console. These seem to be coming from https://dellservices.my.salesforce.com/embeddedservice/5.0/frame/broadcast.esw.min.js and https://dellservices.my.salesforce.com/embeddedservice/5.0/frame/session.esw.min.js. `broadcast.esw.min.js` defines the following functions: ``` window.esw.defineFeature("Broadcast", function(t) { function e() { this.esw = t, this.callbacks = {}, this.storage = window.localStorage, this.prefix = "__broadcastAPI:", this.queue = {}, this.on(), this.off(), this.send(), window.addEventListener("storage", function(t) { var e, i = t.newValue, s = ""; 0 === t.key.indexOf(this.prefix) && null === t.oldValue && (e = t.key.replace(this.prefix, ""), "undefined" !== i && (s = JSON.parse(i)), this.broadcast(e, s)) }.bind(this)), window.addEventListener("storage", function(t) { var e; 0 === t.key.indexOf(this.prefix) && null === t.newValue && (e = t.key.replace(this.prefix, "")) in this.queue && (this.send(e, this.queue[e].shift()), 0 === this.queue[e].length && delete this.queue[e]) }.bind(this)) } e.prototype.on = function(t, e) { t in this.callbacks || (this.callbacks[t] = []), this.callbacks[t].push(e) }, e.prototype.off = function(t, e) { var i; t in this.callbacks && ("function" == typeof e && (i = this.callbacks[t].indexOf(e), this.callbacks[t].splice(i, 1)), "function" == typeof e && 0 !== this.callbacks[t].length || delete this.callbacks[t]) }, e.prototype.send = function(t, e) { var i = this.prefix + t; null === this.storage.getItem(i) ? (this.storage.setItem(i, JSON.stringify(e, function(t, e) { return void 0 === e ? null : e })), this.storage.removeItem(i)) : (i in this.queue || (this.queue[i] = []), this.queue[i].push(e)) }, e.prototype.broadcast = function(t, e) { t in this.callbacks && this.callbacks[t].forEach(function(t) { t(e) }) }, t.broadcastAPI = new e }); ``` `session.esw.min.js` defines several functions in the following way: ``` }, e.prototype.getSessionData = function(t, e, s) { var n, a = {}; if (n = s ? localStorage : sessionStorage, !t || !e) throw new Error("getSessionData requires two non-null arguments (domain, keys)."); return e.forEach(function(e) { a[e] = n.getItem(this.getKeyName(t, e)) }.bind(this)), a ``` Accessing `window.localStorage` will throw a `SecurityError`. Note that if `window.localStorage` were to return undefined the latter script would fall back to`sessionStorage` and continue to work as is. The doesn't seem to be the case for the earlier code.
Bug 1605723 Comment 1 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
This is caused by cookie blocking `salesforce.com`, which is on the `ads-track-digest256` list (i.e., Level 1 list). When ETP is enabled, we see two `SecurityError` messages in the console. These seem to be coming from https://dellservices.my.salesforce.com/embeddedservice/5.0/frame/broadcast.esw.min.js and https://dellservices.my.salesforce.com/embeddedservice/5.0/frame/session.esw.min.js. `broadcast.esw.min.js` defines the following functions: ``` window.esw.defineFeature("Broadcast", function(t) { function e() { this.esw = t, this.callbacks = {}, this.storage = window.localStorage, this.prefix = "__broadcastAPI:", this.queue = {}, this.on(), this.off(), this.send(), window.addEventListener("storage", function(t) { var e, i = t.newValue, s = ""; 0 === t.key.indexOf(this.prefix) && null === t.oldValue && (e = t.key.replace(this.prefix, ""), "undefined" !== i && (s = JSON.parse(i)), this.broadcast(e, s)) }.bind(this)), window.addEventListener("storage", function(t) { var e; 0 === t.key.indexOf(this.prefix) && null === t.newValue && (e = t.key.replace(this.prefix, "")) in this.queue && (this.send(e, this.queue[e].shift()), 0 === this.queue[e].length && delete this.queue[e]) }.bind(this)) } e.prototype.on = function(t, e) { t in this.callbacks || (this.callbacks[t] = []), this.callbacks[t].push(e) }, e.prototype.off = function(t, e) { var i; t in this.callbacks && ("function" == typeof e && (i = this.callbacks[t].indexOf(e), this.callbacks[t].splice(i, 1)), "function" == typeof e && 0 !== this.callbacks[t].length || delete this.callbacks[t]) }, e.prototype.send = function(t, e) { var i = this.prefix + t; null === this.storage.getItem(i) ? (this.storage.setItem(i, JSON.stringify(e, function(t, e) { return void 0 === e ? null : e })), this.storage.removeItem(i)) : (i in this.queue || (this.queue[i] = []), this.queue[i].push(e)) }, e.prototype.broadcast = function(t, e) { t in this.callbacks && this.callbacks[t].forEach(function(t) { t(e) }) }, t.broadcastAPI = new e }); ``` `session.esw.min.js` defines several functions in the following way: ``` }, e.prototype.getSessionData = function(t, e, s) { var n, a = {}; if (n = s ? localStorage : sessionStorage, !t || !e) throw new Error("getSessionData requires two non-null arguments (domain, keys)."); return e.forEach(function(e) { a[e] = n.getItem(this.getKeyName(t, e)) }.bind(this)), a ``` the choice to use session or local storage here is chosen by the calling code. E.g., https://dellservices.my.salesforce.com/embeddedservice/5.0/eswFrame.min.js calls this as follows: ``` n = JSON.parse(esw.sessionAPI.getSessionData(t, [ 'ACTIVE_CHAT_SESSIONS' ], !0) ``` Accessing `window.localStorage` will throw a `SecurityError`. We could see if Salesforce could migrate this over to session storage, since it appears to be a supported codepath.