iframes in Local Page Broken in Vivaldi 3.3

GJS

I have a local HTML page (loaded via file://) which uses iframes to show portions of four external pages (for controlling a heat pump system).

2020-09-04 1936 GSHP Status R.jpg

The iframes look like this:

<div class=thermostat>
	<iframe class=thermostat
		src="https://symphony.mywaterfurnace.com/thermostat/?gwid=...#Thermostat"
	></iframe>
</div>

<div class=equipment>
	<iframe class=equipment
		src="https://symphony.mywaterfurnace.com/?gwid=...#equipment_summary"
	></iframe>
</div>

The page works fine in Firefox 80.0.1 and in Edge 85.0.564.51. It worked in Vivaldi 3.2 if I turned OFF "Block Third-Party Cookies" (which I don't like to do). With the same setting in Vivaldi 3.3, the remote site refuses to log me in, probably because it can't set cookies.

2020-09-16 0829 GSHP Login R.jpg

Normally a page with iframes involves three domains: the client (browser), the page's server, and the server referenced by the iframe. Presumably Firefox and Edge consider a local page loaded by file:// to be in the same domain as the client (browser). So for iframes there is no third party involved, and the iframe's referenced page can set cookies in the client as if it had been opened directly. I think Vivaldi should do the same thing.

I have tried to work around the problem using various iframe attributes (e.g. referrerpolicy and sandbox), with no success. Does anyone know of a workaround?

Pathduck

@GJS This is likely due to the new strict samesite cookies handling in Chrome 84 and newer.

See:
https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
https://medium.com/trabe/cookies-and-iframes-f7cca58b3b9e
https://blog.heroku.com/chrome-changes-samesite-cookie
https://web.dev/samesite-cookie-recipes/

One idea though, try adding the domain to the "Always allow" override list here:
chrome://settings/content/cookies

GJS

Thank you for the suggestions.

@Gwen-Dragon -- The only issues listed in the Developer Tools Console are:

• Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute.
• Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute.

Cookie attributes are set by the remote server, which I have no control over.

@Pathduck -- Setting "Always allow" for the iframe's src site did not help. The links you referenced are informative, but they all describe requirements on the server, which I don't have access to, and assume that the iframe is being served from another site. I have not found any discussion about an iframe inside a local document.

MS Edge on my system uses Chrome 85.0.4183.102 and handles the local page successfully with no special treatment. That implies to me that another browser could use the same methods. My gut feeling is that the browser must treat an iframe inside a local HTML file as a same-site connection, but I have not been able to find any discussion or examples.

I wrote a local page with an iframe to print out domain information. The output from Running it in MS Edge does not give me any clues:

Window.Location = 'file:///C:/Data/HTML/ShowDomain.html'
Window.Domain   = ''

Document.Location = 'file:///C:/Data/HTML/ShowDomain.html'
Document.Domain   = ''

iframe.Location = 'about:blank'
iframe.Domain   = ''

GJS

@Gwen-Dragon - I created a test page. It works in Firefox (Gecko) and Edge (Chromium). It fails in Chromium browser, Google Chrome, and Vivaldi. I don't know how to proceed further on this track. Should I:

Make a change request for Vivaldi?
Plead my case with the Chromium developers?
Try to get the remote site to change their cookie parameters? (Not likely to succeed, and it wouldn't help with other sites.)

For now, I am using a four-tab tiled grid in Vivaldi. It basically works, but is fiddly. All panels have to use the same zoom scale. I have to adjust the tile sizes and scroll positions after each startup. To check for session timeout, the document in each tab reloads itself every 25 minutes. That shifts the scroll position a little each time, so eventually I have to readjust them. I'm looking into JavaScript to periodically restore the scroll positions.

2020-09-21 1617 GSHP Tile Creep.jpg

This all seems harder than it ought to be. It might help to have options to lock the zoom scale and/or scroll position and/or size of a tile (or a tab). Maybe a little padlock icon/button at the intersection of its scrollbars. That would make the panel work a bit more like an iframe (which can specify scale and offset).