On Fri, May 17, 2019 at 10:59 AM Zer0Cool <[email protected]> wrote:
> I can confirm, at least partially, the behavior. Guac 1.0.0, no prior > issues, > within the last week(s) Chrome has been doing this. Chrome confirmed v74. > > I currently have x-frame set to deny. I do not use Duo or file xfer. > > As mentioned, "SAMEORIGIN" is likely a better setting which I have been > testing myself along with some other stuff. > > Chrome dev tools console shows 2 errors: > > Refused to display 'https://mydomain.com/app/element/templates/blank.html' > in a frame because it set 'X-Frame-Options' to 'deny'. > > Uncaught TypeError: Cannot read property 'defaultView' of null > at HTMLObjectElement.g.onload (app.js?v=1.0.0:281) > > The blank.html template is used as the contents of the object tag used to hook into DOM element resize events: https://github.com/apache/guacamole-client/blob/d1e928bea79ca81c827e9b6adedabc98eefdf701/guacamole/src/main/webapp/app/element/directives/guacResize.js#L49-L54 https://github.com/apache/guacamole-client/blob/d1e928bea79ca81c827e9b6adedabc98eefdf701/guacamole/src/main/webapp/app/element/directives/guacResize.js#L102-L105 That would at least break automatic scaling/resize of the display, perhaps more if that error stops other parts of the application from running, but I don't see how that would cause a page unresponsive error. The first leads me to believe x-frame is the culprit. The second error could > just be caused by the first. It does look like X-Frame-Options is being interpreted by Chrome to block the object element from loading blank.html. I would have expected Chrome to block this in older versions, as well, though. - Mike
