chrome blocks popup if user reloads a page
580 views
Skip to first unread message
Gasan
Dec 5, 2024, 11:16:48 AM12/5/24
to Chromium-discuss
Hello.
My front end web application acquires an OAuth2 access token to call a third party API.
The flow is as follows:
User navigates to a certain page in the web application, if they have access token, the application calls the third party API, if not then aplication opens a pop-up to authenticate the user on the authorization provider website.
It all works nicely when user actively clicks on the navigation.
But if user is currently on that page and hits browser page reload button, then chrome blocks the popup.
I downloaded chromium source code from github: https://github.com/chromium/chromium but couldn't find the code that handles blocking popup.
Regards,
Gasan
Gasan
Jan 13, 2025, 7:43:32 AMJan 13
to Chromium-discuss, Gasan
to give more details, my front-end code looks similar to this:
```javascript
try {
```javascript
try {
// try to refresh the access token, no pop-up
this.session = await this.collapsedSessionRefresh(options.scopes);
If user clicks on a link that loads this page, then pop-up opens successfully, but if user reloads the page, then browser blocks the popup.
this.session = await this.collapsedSessionRefresh(options.scopes);
return this.session;
} catch {
// If the refresh attempt fails we assume we don't have a session, so continue to create one.
}
this.currentSession = await this.connector.createSession() // opens pop-up
```
The situation happens when `this.collapsedSessionRefresh(options.scopes)` fails.
} catch {
// If the refresh attempt fails we assume we don't have a session, so continue to create one.
}
this.currentSession = await this.connector.createSession() // opens pop-up
```
The situation happens when `this.collapsedSessionRefresh(options.scopes)` fails.
If user clicks on a link that loads this page, then pop-up opens successfully, but if user reloads the page, then browser blocks the popup.
What is also interesting is that if I put a breakpoint on `this.collapsedSessionRefresh(options.scopes)` then browser blocks the popup even if user clicks on the link. So debugger
breakpoint also seem to affect whether the browser blocks the pop-up.
I would like to know the logic why and when browser blocks the popup, so that I could design my application the right way. From what I understand so far, for the code above, in situation when `this.collapsedSessionRefresh(options.scopes)` fails, browser should always block the popup, because browser executes everything after `await` asynchronously. Yet, in practice, browser allows the popup, but only when user actively clicks on the link that leads to the page.
Please advise,
Gasan.
Gasan
Jan 14, 2025, 9:58:06 AMJan 14
to Chromium-discuss, Gasan
I asked a similar question on the firefox support channel. Based on the reply I got, my understanding is that the safe way to open a pop-up is to *always* first display a modal window with "sign-in" button. The user clicks the "sign-in" button, and the application opens a pop-up. The only downside of it is that user have to do an additional click (on the "sign-in"). But this is the necessary condition for the browser to always allow the pop-up.
Reply all
Reply to author
Forward
0 new messages