iframes in Local Page Broken in Vivaldi 3.3
GJS last edited by Gwen-Dragon
I have a local HTML page (loaded via file://) which uses iframes to show portions of four external pages (for controlling a heat pump system).
The iframes look like this:
<div class=thermostat> <iframe class=thermostat src="https://symphony.mywaterfurnace.com/thermostat/?gwid=...#Thermostat" ></iframe> </div> <div class=equipment> <iframe class=equipment src="https://symphony.mywaterfurnace.com/?gwid=...#equipment_summary" ></iframe> </div>
The page works fine in Firefox 80.0.1 and in Edge 85.0.564.51. It worked in Vivaldi 3.2 if I turned OFF "Block Third-Party Cookies" (which I don't like to do). With the same setting in Vivaldi 3.3, the remote site refuses to log me in, probably because it can't set cookies.
Normally a page with iframes involves three domains: the client (browser), the page's server, and the server referenced by the iframe. Presumably Firefox and Edge consider a local page loaded by file:// to be in the same domain as the client (browser). So for iframes there is no third party involved, and the iframe's referenced page can set cookies in the client as if it had been opened directly. I think Vivaldi should do the same thing.
I have tried to work around the problem using various iframe attributes (e.g. referrerpolicy and sandbox), with no success. Does anyone know of a workaround?
@GJS May the the mixed content from local file and remote server protocol mix is not allowed anymore.
Check Developer Tools (F12)
Console for errors
Pathduck last edited by
@GJS This is likely due to the new strict samesite cookies handling in Chrome 84 and newer.
One idea though, try adding the domain to the "Always allow" override list here:
GJS last edited by
Thank you for the suggestions.
@Gwen-Dragon -- The only issues listed in the Developer Tools Console are:
• Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute.
• Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute.
Cookie attributes are set by the remote server, which I have no control over.
@Pathduck -- Setting "Always allow" for the iframe's src site did not help. The links you referenced are informative, but they all describe requirements on the server, which I don't have access to, and assume that the iframe is being served from another site. I have not found any discussion about an iframe inside a local document.
MS Edge on my system uses Chrome 85.0.4183.102 and handles the local page successfully with no special treatment. That implies to me that another browser could use the same methods. My gut feeling is that the browser must treat an iframe inside a local HTML file as a same-site connection, but I have not been able to find any discussion or examples.
I wrote a local page with an iframe to print out domain information. The output from Running it in MS Edge does not give me any clues:
Window.Location = 'file:///C:/Data/HTML/ShowDomain.html' Window.Domain = '' Document.Location = 'file:///C:/Data/HTML/ShowDomain.html' Document.Domain = '' iframe.Location = 'about:blank' iframe.Domain = ''
@GJS There are internal flags in Vivaldi which could be used to override the cross-site security for cookies. But that is not recommended by Vivaldi team as it could result in stealing login data.
Or … May be if all requests (the page and the iframes!) are over HTTPS it could work.
@GJS Edge? Perhaps Microsoft ChromeEdge has got its own patches or a bug.
Would be interesting to know if Chromium 85 from Wolyss has teh same issue as Vivaldi 3.3
If it works in Chromium but not in Vivaldi, that could a bug. Then you can send a bugreport to Vivaldi devs with a reproducable testcase(!).
GJS last edited by
@Gwen-Dragon - I created a test page. It works in Firefox (Gecko) and Edge (Chromium). It fails in Chromium browser, Google Chrome, and Vivaldi. I don't know how to proceed further on this track. Should I:
- Make a change request for Vivaldi?
- Plead my case with the Chromium developers?
- Try to get the remote site to change their cookie parameters? (Not likely to succeed, and it wouldn't help with other sites.)
This all seems harder than it ought to be. It might help to have options to lock the zoom scale and/or scroll position and/or size of a tile (or a tab). Maybe a little padlock icon/button at the intersection of its scrollbars. That would make the panel work a bit more like an iframe (which can specify scale and offset).
Plead my case with the Chromium developers?
Yes. Please report at https://bugs.chromium.org/p/chromium/issues/list
After you got the report link, please report the issue to Vivaldi and add lin to Chromium bug. Do not forget a reproducible test case.