-
Notifications
You must be signed in to change notification settings - Fork 892
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Compatibility with future Firefox versions #1374
Comments
@Trikolon Thanks for the heads up! The issue seems to happen in Firefox 86 with “Strict” ETP ( |
In private browsing mode Firefox disables service workers. From some quick debugging it looks like the code checks for service worker support. If I disable service workers in the normal window, the site also works there. |
As a Firefox user and new StackBlitz user I also had this problem today. I do have strict tracking protection enabled in Firefox, but there was no visual feedback that this is why it's not working. The preview pane stayed blank and there were error messages in the console about storage access. Interestingly, it still does not work with tracking protection disabled for So I decided to try it in Edge and it worked fine for the duration of my use, but it wasn't ideal. |
A bit of history for this bug:
|
The shim in Firefox was removed in late 2022. |
I’m a Privacy Engineer at Mozilla. I’m writing to report breakage of the Stackblitz preview feature caused by a new Firefox feature called State Partitioning. The preview browser breaks because it doesn’t get the expected storage access. For a full description of the breakage see: Bug 1668408.
To reproduce this, download Firefox Nightly and enable Strict privacy protections.
State Partitioning is a privacy feature that prevents embedded third-party iframes from having cross-site access to cookies and site data. Instead, these iframes will get a new (partitioned) data store for every top-level site that they are embedded in. For example, this means that when https://rxjs-yo2jz5.stackblitz.io is embedded on https://stackblitz.com it will be unable to access cookies that were set in other contexts (such as when a user visited your website via the url bar).
State Partitioning is currently only enabled by default in Firefox Nightly (our daily developer build), but we are planning to ship it to Firefox release users that have “Strict” privacy protections enabled in version 86 (expected release February 23rd). ~1.5% of Firefox Release users have opted into “Strict” protections. However, our long-term plan is to ship State Partitioning as part of “Standard” privacy protections, which is the default for most of our users.
Note that other browsers ship similar protections, which means that a similar issue also occurs on Chrome in Incognito Mode (see issue #162).
One option to fix this breakage is to have your embedded code call the Storage Access API, which is an API the browser provides to allow an embedded iframe to request access to its unpartitioned cookies and site data. If the storage access request is approved by the user, then your iframe will have access to the same cross-site state that it has today. Full documentation for the Storage Access API is available here: https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API.
We’re happy to answer any questions you might have!
Edit: Here is some more info on how State Partitioning works: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/State_Partitioning
The text was updated successfully, but these errors were encountered: