"Unsafe JavaScript attempt to initiate navigation"

I have a Typeform embedded in a post which allows users to certify that they meet certain qualifications. Upon completion, the form has a button to go to a topic. The button worked until recently; now it fails with:

renderer.aa121ddee4aa58d14f43.js:13 Unsafe JavaScript attempt to initiate navigation for frame with origin ‘https://forum.example.com’ from frame with URL [I’ve removed the url name]. The frame attempting navigation of the top-level window is sandboxed, but the flag of ‘allow-top-navigation’ or ‘allow-top-navigation-by-user-activation’ is not set.

I realize it could be related to Typeform, not Discourse, but Discourse seems the most likely to have changed. Have there been recent changes that could affect this? I’m up-to-date.

Hi,

At first I thought it was Mitigate XSS Attacks with Content Security Policy but I read too fast

This might be a typeform issue, be sure to check typeform embeds and see if something has changed.

AFAIK allow-top-navigation-by-user-activation is something recent, far from being supported by every browsers.

2 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.