0

Related to this question, the workaround to launching a custom protocol after starting a websocket (so as to keep the socket open and polling) is to use an iframe element and set the src to be the custom protocol. But, if a user clicks the button that sets the src too quickly (i.e. they trigger the custom protocol too frequently), FF logs this warning:

"Iframe with external protocol was blocked due to lack of user activation, or because not enough time has passed since the last such iframe was loaded."

I can't seem to find any documentation on:

  • What constitutes user activation
  • How much time "enough time has passed" actually is

Does anyone know what exactly that warning means or what either of those bullet points are and how we can get around the limitation to allow launching a custom protocol (without refreshing the page or causing a popup) from within FF?

I've tried both having the iframe exist on the page beforehand and dynamically setting the src, as well as, dynamically creating the iframe with the src at the same time, but both end with the same warning being logged.

elrobe
  • 555
  • 2
  • 16

1 Answers1

1

User activation means an event triggered by the user, such as mouse or keyboard events. This is similar to the way popup blockers work.

I doubt you'll find the "enough time" limit documented -- the programmers don't want to tell malware writers how to work around the restriction.

You say you're doing this when the user clicks on a button, so that should fit the "user activation" requirement. Are you doing it in a callback function that runs asynchronously from the event listener? That disconnects it from the user interaction -- it has to be directly in the listener function.

Barmar
  • 741,623
  • 53
  • 500
  • 612
  • That would do it then. The button submits the form and, upon (re)load, we create the iframe. Problem is that we need to communicate with the database and there's a preexisting reason to have the button trigger a submission/refresh. Is there really no way around this "user activation", like a way to fake it (though I guess that defeats the purpose)? Or maybe an alternative to using iframes? – elrobe Jan 11 '22 at 21:09
  • I don't know enough about your application to understand why you need the iframe. – Barmar Jan 11 '22 at 21:42
  • Well the iframe is a workaround to using a websocket and a custom protocol. Websocket starts, then the custom protocol is triggered. FF will close the Websocket if you use an a element, so you have to use an iframe. – elrobe Jan 12 '22 at 18:25