SecurityError: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.

[aehanno]

I get this error for display filter tab
SecurityError: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.

when I display my embedded dashboard in chrome's private mode

How to reproduce the bug

1. Go to your private mode
2. Access to your embedded dashboard

Expected results

Dashboard is well display

Actual results

Error in filter tab : SecurityError: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.

Screenshots

Environment

(please complete the following information):

• browser type and version: chrome
• superset version: 2.0.1

[treygilliland]

I am having the same issue on Superset version 2.0.1, haven't seen this with previous versions.

[treygilliland]

Providing some screenshots of what the error on the embedded iFrame shows:

[rusackas]

Pinging @lilykuang as a defacto embedded expert, and pinging @AAfghahi since this seems to be a 2.0.1 issue.

[AAfghahi]

thank you @rusackas we're going ot be making a minor 2.0.2 release and we will put this on the docket

[eric-briscoe]

I believe this issue was introduced by this PR: https://github.com/apache/superset/pull/18576/files#diff-0cf142796bd16ac5769ddcb30d41eda23c36ca61176dba4521e2125bd87da01c that adds use of window.sessionStorage in a new file. This PR merged to master branch about 11 months ago, but would not have showed up in a release until 2.0.0 and 2.0.1.

This PR fixes the same error reported here and was merged to master ~5 month ago: https://github.com/apache/superset/pull/21157/files which I do not think made it into 2.0.0 or 2.0.1.

@treygilliland to clarify, have you used 2.0.0 under same conditions and not had this error, or did you skip 2.0.0 and have only used 2.0.1 and are coming from 1.5.x version prior to this?

For more context, most browsers disable access to localStorage and sessionStorage when running in incognito / private modes. The PR that fixes the runtime error added a safety check to ensure window.localStorage and window.sessionStorage are available before calling them.

@AAfghahi @eschutho we should tag https://github.com/apache/superset/pull/21157/files with a 2.0 label so we can cherry it in as the fix for this in 2.0.2

[treygilliland]

@treygilliland to clarify, have you used 2.0.0 under same conditions and not had this error, or did you skip 2.0.0 and have only used 2.0.1 and are coming from 1.5.x version prior to this?

I am currently using Embedded Superset on a latest docker image from a few months ago and don't have this issue. The reason for migrating to 2.0.1 is so we can pin our instance to a version. I haven't tested 2.0.0 so the issue likely exists there if the fix you mentioned earlier wasn't present there.

[aehanno]

Hi @AAfghahi, Will the fix also be in version 2.1.0?

[treygilliland]

@eric-briscoe Just wanted to confirm that patching https://github.com/apache/superset/pull/21157/files onto 2.0.1 fixes the issue. Thank you for pointing this out! Would love to see this in 2.0.2

[AAfghahi]

@aehanno yes we will tag it and include it in the next release!

[aehanno]

Correction in 2.0.1

[frassinier]

Again a PR is needed for the same reasons. 🫣

#25599