37

I have strange problem - when deploying app (pure angular application with rest api) to production server and accessing its url via link from other site (ref from email for example) I have got blank page - firefox say nothing, chrome says

Blocked script execution in 'URL of website' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

and blocks all my .js files...

what does it means? I have found on the Internet something about iframes but I have no iframes in my site...

Strangest thing in my opinion is that if I access that link directly everything works without any problem...

So how to avoid to this behaviour?

Thanks for any reply

jreh
  • 600
  • 1
  • 6
  • 16
  • If 'email' means a webclient it's more likely that the site opens in sandboxed iframe, i mean it's not opened directly in your browser – maurycy Jul 02 '14 at 12:31
  • maybe you have some very weird strict firewall policies inside your companys network ? – Michał Lach Jul 02 '14 at 12:31
  • 3
    I use mailtrap.io for emails, and that email (with link) is opened in iframe - maybe that is the problem, but I don't understand how iframe can affect redirecting to other site (I would understand if whole site would be opened in that iframe) – jreh Jul 02 '14 at 12:35

1 Answers1

45

The error message warns that an Iframe is sand-boxed without a proper privileges

Yes, you are clicking in an iFrame. This is an example of a sand-boxed iFrame.

<iframe sandbox src="http://usercontent.example.net/getusercontent.cgi?id=12193"></iframe>

If you inspect element on GMail, you will notice iFrames everywhere. The sandbox attribute is not always automatically attached, because the sandbox attribute controls what is allowed.

When a pop-up is needed, the attribute will change

<iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms" src="http://usercontent.example.net/getusercontent.cgi?id=12193"></iframe>

This is done to protect the user and the mail application from XSS

The iFrame has to allow pop-ups, new windows, or scripts. Whatever you are trying (probably just navigation), the action is being blocked by a sandbox.

Dave Alperovich
  • 32,320
  • 8
  • 79
  • 101
  • 3
    ">Yes, you are clicking in an iFrame." I don't think so. This error message occurs when I gets redirected from mailtrap.io to my AngularJS application. – yaru Jun 13 '15 at 09:47
  • Strange... I just tried to reproduce this error - it's gone. What I did is turn off my Mac (my Angular development app version runs locally) and then turn it on again. – yaru Jun 13 '15 at 09:54
  • 2
    This error can happen without an iframe element – Jason S Aug 24 '22 at 17:30