ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox

This content originally appeared on text/plain and was authored by ericlaw

Recently, many Microsoft employees taking training courses have reported problems accessing documents linked to in those courses in Chrome and Edge.

In Edge, the screen looks like this:

But the problem isn’t limited to Microsoft’s internal training platform, and can be easily reproduced in Chrome:

What’s going on?

There are a number of root causes for an ERR_BLOCKED_BY_CLIENT message, and the most common root cause is that you’ve installed a content-blocking extension (e.g. an ad-blocker) and it directed the browser to block the page.

But that’s not what’s happening here — we saw this on machines without any content blocking extensions.

What’s happening here is that the PDF viewer is blocked from loading because the new tab was created as a popup under the restrictions of the HTML5 Sandbox. The sandbox rules applied to the new tab include prohibitions on script and extensions, and Chromium’s PDF viewer requires both. So, the user ends up with a totally inexplicable blocking page.

Refreshing the page will not fix it, and shockingly, even navigating the tab to a different, non-PDF URL, will still likely result in failures (either script won’t run, or the page will not load) because the sandboxing limits are not removed upon manual navigation. For instance, Twitter refuses to load:

As an end-user, the workaround is easy: Copy/paste the URL from the broken tab to a new one and your document will load just fine.

As a web developer, to avoid creating unexpectedly impaired tabs, you must set the allow-popups-to-escape-sandbox flag; when you do so, new windows will not be restricted.

A quick look showed that our company training app specifies this flag, but the new tab was still impaired.

What gives?

A deeper look showed that the training app contains nested sandboxes — while an inner iframe includes the allow token, that iframe’s parent does not have the token.

The grandparent’s restriction on its child also restricts its grandchild:

Perhaps the Chromium dev tools should warn if a child iframe‘s sandbox directive specifies permissions that that will be denied by the grandparent’s restrictions on the parent?

This content originally appeared on text/plain and was authored by ericlaw

Print Share Comment Cite Upload Translate Updates

APA

ericlaw | Sciencx (2024-05-07T00:35:40+00:00) ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox. Retrieved from https://www.scien.cx/2024/05/07/err_blocked_by_client-and-html5-sandbox/

MLA

" » ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox." ericlaw | Sciencx - Tuesday May 7, 2024, https://www.scien.cx/2024/05/07/err_blocked_by_client-and-html5-sandbox/

HARVARD

ericlaw | Sciencx Tuesday May 7, 2024 » ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox., viewed ,<https://www.scien.cx/2024/05/07/err_blocked_by_client-and-html5-sandbox/>

VANCOUVER

ericlaw | Sciencx - » ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2024/05/07/err_blocked_by_client-and-html5-sandbox/

CHICAGO

" » ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox." ericlaw | Sciencx - Accessed . https://www.scien.cx/2024/05/07/err_blocked_by_client-and-html5-sandbox/

IEEE

" » ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox." ericlaw | Sciencx [Online]. Available: https://www.scien.cx/2024/05/07/err_blocked_by_client-and-html5-sandbox/. [Accessed: ]

rf:citation

» ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox | ericlaw | Sciencx | https://www.scien.cx/2024/05/07/err_blocked_by_client-and-html5-sandbox/ |

Please log in to upload a file.

There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.