Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disabling third party cookies causes silent failure #99

Open
svachalek opened this issue Jun 10, 2015 · 6 comments
Open

Disabling third party cookies causes silent failure #99

svachalek opened this issue Jun 10, 2015 · 6 comments
Assignees
@ebidel
Labels
enhancement

Comments

@svachalek
Copy link

This is possibly/probably an issue with the underlying API but if third party cookies are disabled (Chrome Settings -> Privacy -> Content Settings -> Cookies -> Block third-party cookies and site data) the sign-in button will open and close the login window and a message will appear in the console stating that access to sessionStorage has been blocked.

A workaround is possible by adding "accounts.google.com" to the exception list but at the moment there's no way (as far as I can tell) to even know this failure happened. If the problem can't be prevented it would be at least nice to have some way to know it happened (or better, will happen).
@atotic
Copy link
Contributor

atotic commented Jun 11, 2015

Good one. It looks like we can't detect the failure, and oauth2 library gives no indication of failure.
Looks like there is an exception they could trap:

Uncaught SecurityError: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.

@ebidel anyone on oauth2 team we could bug about this?

@adrienjoly adrienjoly mentioned this issue Jan 4, 2017
Closed
@posix4e
Copy link

posix4e commented Mar 18, 2017

Hello anyone working about this?

@adrienjoly
Copy link

@posix4e I don't think anyone is, unfortunately...

As @atotic said, I guess that the component could catch the error. But then, how should it react? Do you think of any alternative way the component could login the user, for instance?

@adrienjoly
Copy link

Maybe @sbeleidy (creator of login-fire) has an idea?

@sbeleidy
Copy link

@adrienjoly not sure really - you can check if cookies are enabled using navigator.cookieEnabled and handle that outside of the component. But I think that will apply to the site using the component not accounts.google.com so you'd still get issues if one and not the other are whitelisted. Not sure how to check if cookies are enabled for a specific domain.

@sbeleidy sbeleidy mentioned this issue Mar 19, 2017
Open
@svachalek
Copy link
Author

A lot of time has passed and I'm not even working on the project that was using this button anymore, but just to clarify the discussion: the problem is not that I wanted the button to react to the failure as @adrienjoly is suggesting, just to pass it on. I would have been fine catching an event and having the app just announce to the user that login was failing and maybe they should check their cookie settings. But there's no event to catch (afaik) and thus the app is blind to the fact that the user is mashing the button to no effect, which looks bad.

I just tried it again to refresh my memory and it looks like there's a promise failure being caught in wc-entry.js and being logged to the console, which as far as I can remember is more than it used to do but still doesn't help the end user much.

I ended up detecting the error indirectly Clippy-style, i.e. "It's taking you a long time to log in, perhaps you want to add this exclusion to your cookie settings?"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ebidel ebidel

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@atotic @ebidel @adrienjoly @svachalek @posix4e @sbeleidy