"Unsafe JavaScript attempt to initiate navigation"

Mark_Schmucker · July 3, 2019, 2:37am

I have a Typeform embedded in a post which allows users to certify that they meet certain qualifications. Upon completion, the form has a button to go to a topic. The button worked until recently; now it fails with:

renderer.aa121ddee4aa58d14f43.js:13 Unsafe JavaScript attempt to initiate navigation for frame with origin ‘https://forum.example.com’ from frame with URL [I’ve removed the url name]. The frame attempting navigation of the top-level window is sandboxed, but the flag of ‘allow-top-navigation’ or ‘allow-top-navigation-by-user-activation’ is not set.

I realize it could be related to Typeform, not Discourse, but Discourse seems the most likely to have changed. Have there been recent changes that could affect this? I’m up-to-date.

joffreyjaffeux · July 3, 2019, 9:18am

Hi,

At first I thought it was Mitigate XSS Attacks with Content Security Policy but I read too fast

This might be a typeform issue, be sure to check typeform embeds and see if something has changed.

AFAIK allow-top-navigation-by-user-activation is something recent, far from being supported by every browsers.

joffreyjaffeux · July 5, 2019, 9:18am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Attempting to use the @username feature crashes the tab Support	3	483	June 26, 2019
Iframes Not Working Support	6	1380	March 3, 2022
Browser prevents Discourse from rendering in iframe despite proper configuration (`X-Frame-Options: SAMEORIGIN`) Bug embedding	0	31	November 12, 2024
Invitation 'Accept' button not working Support	27	1614	September 19, 2019
And invalid response header is being set from embed controller Support	4	685	March 27, 2021

"Unsafe JavaScript attempt to initiate navigation"

Related topics