Open Bug 1664779 Opened 4 years ago Updated 2 years ago

document.requestStorageAccess() may not be called in a sandboxed iframe without allow-storage-access-by-user-activation in its sandbox attribute when the iFrame has the attribute value required

Categories

(Core :: DOM: Core & HTML, defect, P3)

Firefox 82
Desktop
Windows 10
defect

Tracking

()

UNCONFIRMED

People

(Reporter: liamwilson127, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0

Steps to reproduce:

I have created two sites one with an iFrame and another to be displayed in the iFrame.
The HTML for the iFrame is as such:
"
<iframe width="500" height="500" src="http://test1.test" sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin"></iframe>
"
In the embedded site I have this JavaScript

"
document.hasStorageAccess().then(hasAccess => {
if (hasAccess) {
// storage access has been granted already.
console.log("Has access");
} else {
// storage access hasn't been granted already;
// you may want to call requestStorageAccess().
console.log("No access");
$("#sign-in-btn").on("click", function () {
console.log("Press");
document.requestStorageAccess().then(
() => { console.log('access granted') },
() => { console.log('access denied') }
);
});
console.log("Press attached");
}
});
"

When using the nightly build I get the following output in the console from the embedded site
"
No access app.js:83:33
Press attached app.js:91:33
Press app.js:85:37
access denied app.js:88:49
document.requestStorageAccess() may not be called in a sandboxed iframe without allow-storage-access-by-user-activation in its sandbox attribute.
"

I'm new to using the storage access API so I might be doing something wrong please do let me know if that is the case, but from what it's telling me it seams like the sandbox attribute value is not working properly.

Actual results:

Even though I have the allow-storage-access-by-user-activation value in the Sandbox attribute the request to get storage access is not allowed

Expected results:

I would expect the request to get storage access to be allowed

OS: Unspecified → Windows 10
Hardware: Unspecified → Desktop
Version: 80 Branch → Firefox 82

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core
Blocks: 1469714
Severity: -- → S3
Flags: needinfo?(amarchesini)
Priority: -- → P3
Flags: needinfo?(amarchesini) → needinfo?(jhofmann)

Note: We should test it again to see if it's still broken, then figure out why it's broken.

Flags: needinfo?(jhofmann) → needinfo?(bvandersloot)

Tested on MacOS Nightly [94.0a1 (2021-09-15)]. Was not able to reproduce.

Flags: needinfo?(bvandersloot)
You need to log in before you can comment on or make changes to this bug.