CallToAction Buttons do not work with iframe embed code

Question

CallToAction Buttons do not work with iframe embed code

jbrule opened this issue 7 years ago · 7 comments

We recently tried out the CallToAction Buttons plugin with the open in new window option and have found that the button does not work as expected when embedding using the iframe embed code.

From what I can tell it looks like the button triggers the method Class.gotoAction with default event suppressed. It then tries to execute code on the frames window.parent, which fails due to Same Origin Policy. I didn't dig into goToAction but I think in this situation a simple <a href=".." target="_blank">...</a> should work.

Embed Type

Iframe

Player Version

2.67

Firefox Console

SecurityError: Permission denied to access property "href" on cross-origin object load.php:1

Chrome Console

Uncaught DOMException: Blocked a frame with origin "http://cdnapi.kaltura.com" from accessing a cross-origin frame.
    at Class.gotoAction (http://cdnapi.kaltura.com/html5/html5lib/v2.67/load.php?...)
    at Class.handleClick (http://cdnapi.kaltura.com/html5/html5lib/v2.67/load.php?...)
    at HTMLAnchorElement.<anonymous> (http://cdnapi.kaltura.com/html5/html5lib/v2.67/load.php?...)

Answer 1 · 2018-04-09T14:32:28.000Z

Hi @jbrule,

Thank for you reporting an issue and helping improve Kaltura!

To get the fastest response time, and help the maintainers review and test your reported issues or suggestions, please ensure that your issue includes the following (please comment with more info if you have not included all this info in your original issue):

Is the issue you're experiencing consistent and across platforms? or does it only happens on certain conditions?
please provide as much details as possible.
Which Kaltura deployment you're using: Kaltura SaaS, or self-hosted?
If self hosted, are you using the RPM or deb install?
Packages installed.
When using RPM, paste the output for:

	# rpm -qa \"kaltura*\"

For deb based systems:

	# dpkg -l \"kaltura-*\"

If running a self hosted ENV - provide the MySQL server version used
If running a self hosted ENV - is this a single all in 1 server or a cluster?
If running a self hosted ENV, while making the problematic request, run:

	# tail -f /opt/kaltura/log/*.log /opt/kaltura/log/batch/*.log | grep -A 1 -B 1 --color \"ERR:\|PHP\|trace\|CRIT\|\[error\]\"

and paste the output.

When relevant, provide any screenshots or screen recordings showing the issue you're experiencing.

For general troubleshooting see:
https://github.com/kaltura/platform-install-packages/blob/Jupiter-10.13.0/doc/kaltura-packages-faq.md#troubleshooting-help

If you only have a general question rather than a bug report, please close this issue and post at:
http://forum.kaltura.org

Thank you in advance,

Answer 2 · 2018-04-09T19:39:07.000Z

@jbrule Thank you for reporting this issue, I was able to reproduce and will update regarding a possible date for a fix.

Answer 3 · 2018-06-08T13:08:43.000Z

Still having this problem. Any updates available?

Answer 4 · 2018-06-20T15:20:31.000Z

@ErezBouskila We are still fighting this issue. Just want to make sure this issue hasn't fallen off the radar.

Answer 5 · 2018-06-26T14:53:54.000Z

So I think I have narrowed the issue down to this line that is included with load.php

Any ideas on remediation?

var parentLocation=window.parent.parent.location.href;

            gotoAction: function(e) {
                var action = $(e.target);
                var data = {
                    label: action.text(),
                    url: action.attr('href')
                };
		/***---Believe next line is causing the issue. This line is not present in the CallToAction resource JS file. 
Cannot access parent location because of cross origin rules. This condition should be caught and handled---***/
                var parentLocation = window.parent.parent.location.href;
                mw.log("CTA, opened from", parentLocation);
                var inKmcContext = false;
                if (!this.getConfig('openInNewWindow') && parentLocation.indexOf("kmc") > -1 && (parentLocation.indexOf("content") > -1 || parentLocation.indexOf("studio") > -1)) {
                    inKmcContext = true;
                }
                if (inKmcContext) {
                    alert("In order to stay in context, the link you clicked will open in a new window. When the player is embedded outside the KMC, it will open in the same window as configured.");
                }
                this.getPlayer().triggerHelper('actionButtonClicked', [data]);
                this.log('Trigger "actionButtonClicked" event with data: ', data);
                if ((this.getConfig('openInNewWindow') || !mw.getConfig('EmbedPlayer.IsFriendlyIframe')) || inKmcContext) {
                    window.open(data.url);
                } else {
                    window.parent.location.href = data.url;
                }
            }

Answer 6 · 2018-07-02T08:39:46.000Z

@jbrule Sorry for the delayed response, we found a fix for this issue and is part of player v2.70.

Please update your player to this version and confirm that the issue is resolved.
Thanks

Answer 7 · 2018-07-02T11:05:24.000Z

@jbrule I just got an update that the fix will be part of player v2.71 which is set to be deployed mid August.