On Thu, Jan 30, 2020 at 5:14 AM kcrisman <[email protected]> wrote: > > >> >> NOTE: I just investigated further and I see the CORS error when using >> Google Chrome Version 79.0.3945.130, but NOT when using Firefox >> 72.0.1. So this could easily be one of those problems that only >> happens due to Google Chrome turning the security screws. > > > Although I no longer recall the full details, I affirm that this is probably > part or all of the issue. I seem to remember something very similar when we > used CoCalc to host some training for PreTeXt (and hence Sage cells), and > certainly viewing local files in some browsers causes a lot of stuff to not > appear (especially knows) by default, except in FF under some disabled > settings. It might be worth having some recommendations to users somewhere > about that in the sage cell documentation, if it isn't there already. >
When I mentioned this to Harald Schilly just now, he said it was something that we (at CoCalc) had configured to increase the security of our site, since we want to make it very difficult for third-party Javascript to steal information about a user's account. I wonder if there could also be an iframe version of the Sage Cell server embeds, which provides better security and CSS isolation? It would make a lot of sense of each sage cell to run in its own iframe. E.g., colab has every single cell in a jupyter notebook run in its own iframe... -- William (http://wstein.org) -- You received this message because you are subscribed to the Google Groups "sage-cell" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/sage-cell/CACLE5GASyB9HwTtgLdzce%2BW3kjpGqV-obQuBKvvpGQNzpPuDXQ%40mail.gmail.com.
