Chromium, IDBFS and iframes

[Beuc]

Hi,

I have savegame issues with Chromium and typical game hosting websites
(itch.io, newgrounds...), where they present the game in their domain,
and run the game within a iframe from a CDN (and a different domain name).

While running the game from the iframe, Chromium still attempts to use
IndexedDB storage from the top-level domain context.
This results in FS.syncfs() failing with "DOMException: The user denied
permission to access the database" (visible if you set an async error
handler).
If the user manually hits the iframe page directly, storage works.

With Firefox, no issues, since the browser uses IDB with the iframe
domain context
(which makes much more sense to me).

Are you aware of this?
Are there workarounds?
Should I file a bug in Chromium?

Cheers!
Beuc

[Jukka Jylänki]

If there's differing behavior between browsers, filing a bug is good
idea. Any chance you'd be able to handwrite an IndexedDB example JS
code that highlights the discrepancy? In general I find that filing
Emscripten compiled pages as bug test cases tend to go untriaged as
too complex. :)

> --
> You received this message because you are subscribed to the Google Groups "emscripten-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to emscripten-disc...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/emscripten-discuss/bf34857b-e7ed-0f97-a7f2-9402c0aad45b%40beuc.net.
> For more options, visit https://groups.google.com/d/optout.

[Beuc]

AFAICS this has been around for years :/
See for instance https://forum.unity.com/threads/how-to-check-playerprefs-has-actually-written-data.389376/

I really don't understand the logic of attempting to use the caller's / top-level IDBFS context instead of the iframe one?

One work-around is unblocking "third-party cookies" in
chrome://settings/content/cookies

Another one is passing a sessionid to the iframe to it can save the data via the hoster's API, provided the player has an account there already.
(I believe newgrounds does it, but not itch.io.)

Do you all have some more feedback on this?

Cheers!
Beuc

[Alon Zakai]

Yeah, searching the chromium bug tracker and filing an issue if none exists sounds like the right thing. That difference between browsers does sound odd and likely a bug somewhere.

- Alon

[Beuc]

Hi,

With some more testing:
- Chromium, Debian version, blocks third-party cookies by default:
https://sources.debian.org/patches/chromium/73.0.3683.75-1/disable/third-party-cookies.patch/
- Chrome and default Chromium builds do not
- Firefox, including Debian version, doesn't; with blocking even the 3rd-party WASM can't load (SecurityException)

So this is not a browser issue but a default settings issue.

AFAIU the reason why the iframe cannot use IndexDB is because otherwise the top-level page could control the frame and have it set a cookie, bypassing the "no 3rd-party cookie" setting.

There doesn't seem to be a way around this but I can be mistaken.

Cheers!
Beuc

To view this discussion on the web visit https://groups.google.com/d/msgid/emscripten-discuss/9057fc5d-80fe-9b11-bf56-4ff506cf9759%40beuc.net.