SecurityError for video call in iframe if 3rd party cookies are disabled

[yourcelf]

When trying to embed a meet.jit.si in an iframe in the current Firefox Developer Edition (47.0a2), the video conference fails to function correctly. The console shows:

DOMException [SecurityError: "The operation is insecure."
code: 18
nsresult: 0x80530012
location: https://meet.jit.si/libs/lib-jitsi-meet.min.js?v=825:9

When I first load the iframe, I'm prompted to share microphone and video which I allow. My video appears in the list at the bottom, but is not sent to the room, other clients connected to the room do not see me as present, and I do not see any other clients in the room.

In this state, if I attempt to use "Chat", I am prompted to enter a nickname. After entering the nickname, Firefox shows the error:

SecurityError: The operation is insecure.
    setDisplayName()     app.bundle.min.js:7
...

If I enter it a second time, it appears to succeed, but with the error Unable to init avatar - no id printed in the console. If I then attempt to send a chat message, the error Error: Your message was not sent. is displayed in the message pane.

This only seems to happen in iframes -- loading meet.jit.si with a full window works.

[yourcelf]

This appears to be somehow due to third-party cookies. The SecurityError is raised if 3rd-party cookies are disabled in Firefox preferences. I haven't yet been able to figure out what sort of resource is triggering this. The following are the logs around the error:

[/modules/RTC/RTCUtils.js] <[63]</</RTCUtils.getUserMediaWithConstraints>:  Get media constraints Object { audio: true, video: false }lib-jitsi-meet.min.js:4:2917
DOMException [SecurityError: "The operation is insecure."
code: 18
nsresult: 0x80530012
location: https://d3f5ootf0jzs2j.cloudfront.net/1217/libs/app.bundle.min.js?v=1217:2]app.bundle.min.js:1:3684
[/modules/RTC/RTCUtils.js] <[63]</</RTCUtils.getUserMediaWithConstraints/<>:  onUserMediaSuccesslib-jitsi-meet.min.js:4:2917
[/modules/RTC/RTCUtils.js] <[63]</</RTCUtils.getUserMediaWithConstraints>:  Get media constraints Object { audio: false, video: Object }lib-jitsi-meet.min.js:4:2917
[/modules/RTC/RTCUtils.js] <[63]</</RTCUtils.getUserMediaWithConstraints/<>:  onUserMediaSuccesslib-jitsi-meet.min.js:4:2917

I tried using the external_api.js and setting configOverwrite to: {disableStats: true, disableThirdPartyRequests: true, logStats: false}. This successfully prevented calls to callstats.io (I'd guessed that this might be the 3rd-party whose cookies needed approving), but this didn't fix it.

Interestingly, the camera light on my laptop turns on, and firefox shows the video/audio icon indicating that they are being shared. The devices are set to "always share" with meet.jit.si. Yet jitsi meet still shows a permission error.

If I enable 3rd-party cookies, it works.

[damencho]

I don't see how disableThirdPartyRequests would affect whether it works or not, there can be a bug. Are there any errors in the console when it is not working?

[yourcelf]

disableThirdPartyRequests didn't have any effect; it was a guess on my part after finding that the 3rd party cookie setting was changing whether it worked. The only thing I've found that changes whether meet.jit.si works in an iframe in firefox 49 or 50 is whether 3rd-party cookies are enabled or not.

The only error in the console is the SecurityError quoted above:

DOMException [SecurityError: "The operation is insecure."
code: 18
nsresult: 0x80530012
location: https://d3f5ootf0jzs2j.cloudfront.net/1217/libs/app.bundle.min.js?v=1217:2]app.bundle.min.js:1:3684

[damencho]

Ok, I see. I'm not familiar with these 3rd party cookie. It should disable some other security restrictions cause the app is not using any cookies.

[yourcelf]

3rd party cookie setting also controls access to localStorage (in both Chrome and Firefox).

[yourcelf]

And just to confirm: loading fails in Chrome with 3rd party cookies disabled too, with the more helpful error message:

app.bundle.min.js:1 DOMException: Failed to read the 'localStorage' property from 'Window': Access is denied for this document.
    at Error (native)
    at openConnection (https://d3f5ootf0jzs2j.cloudfront.net/1217/libs/app.bundle.min.js?v=1217:2:10076)
    at connect (https://d3f5ootf0jzs2j.cloudfront.net/1217/libs/app.bundle.min.js?v=1217:1:8375)
    at createInitialLocalTracksAndConnect (https://d3f5ootf0jzs2j.cloudfront.net/1217/libs/app.bundle.min.js?v=1217:1:9110)
    at https://d3f5ootf0jzs2j.cloudfront.net/1217/libs/app.bundle.min.js?v=1217:1:16768(anonymous function) @ app.bundle.min.js:1

Chrome indicates that the camera/mic have been activated, but Jitsi does not load.

[damencho]

Ok, this is a bug we need to fix. I will look in to it these days. It
should load without localstorage. Thanks for the trace, its really helpful
and shows the problem.

On Tue, Sep 13, 2016 at 10:04 AM, Charlie DeTar notifications@github.com
wrote:

And just to confirm: loading fails in Chrome with 3rd party cookies
disabled too, with the more helpful error message:

app.bundle.min.js:1 DOMException: Failed to read the 'localStorage' property from 'Window': Access is denied for this document.
at Error (native)
at openConnection (https://d3f5ootf0jzs2j.cloudfront.net/1217/libs/app.bundle.min.js?v=1217:2:10076)
at connect (https://d3f5ootf0jzs2j.cloudfront.net/1217/libs/app.bundle.min.js?v=1217:1:8375)
at createInitialLocalTracksAndConnect (https://d3f5ootf0jzs2j.cloudfront.net/1217/libs/app.bundle.min.js?v=1217:1:9110)
at https://d3f5ootf0jzs2j.cloudfront.net/1217/libs/app.bundle.min.js?v=1217:1:16768(anonymous function) @ app.bundle.min.js:1

Chrome indicates that the camera/mic have been activated, but Jitsi does
not load.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#547 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ADHKep-v4eiQIcGLFIopZxZxob-ncTr0ks5qpruagaJpZM4H3Sin
.

[kitsandkats]

Hey there -- I am still encountering this bug and was wondering if there are any updates?

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[jujutard]

Hey, is there any news about this problem ? It's still happen when 3rd party cookies are disabled in chrome (v74 for me)...
Thank you.

[FROGGS]

Same for me, this issue still exists with latest chrome.

[duche]

Hi, same problem for me, last version on my chrome browser, when I embed jitsi-meet ...
If I activate third cookie on option, all was good, but it's not a default option, so If you have a solution or configuration or a possibility to open video on other mode ....

Thank's

[gandreadis]

Any update on resolutions for this? Still facing this issue, in Firefox (with 3rd party cookies indeed disabled). I cannot ask users of the service I'm building to disable the 3rd party cookie setting, so I'd really appreciate being able to change this in the configurations

[DeinDorfleben]

Hello at all,
for me it would be also very helpful to get a bugfix on this issue, so users don't have to care about 3rd party browser settings. Do you have any news on this?
Best regards and thanks in advance,
Florian

[duche]

+1 ... It's a real problem because the futur of browser are not with "third party" .....
Thank's a lot too ....