Error when toggling fullscreen in player in iframe
kyjak opened this issue · 13 comments
If you use kaltura in an iframe and click the fullscreen button,
you get a security error and javascript breaks. No fullscreen is shown.
SecurityError: Permission denied to access property "document" on cross-origin object load.php:136270
jQuery 6
doContextTargetFullscreen
doFullScreenPlayer
toggleFullscreen
toggleFullscreen
toggleFullscreen
el
dispatch 0_149862n9:179
handle 0_149862n9:176
SecurityError: Permission denied
Hi @kyjak,
Thank for you reporting an issue and helping improve Kaltura!
To get the fastest response time, and help the maintainers review and test your reported issues or suggestions, please ensure that your issue includes the following (please comment with more info if you have not included all this info in your original issue):
- Is the issue you're experiencing consistent and across platforms? or does it only happens on certain conditions?
please provide as much details as possible. - Which Kaltura deployment you're using: Kaltura SaaS, or self-hosted?
If self hosted, are you using the RPM or deb install? - Packages installed.
When using RPM, paste the output for:
# rpm -qa \"kaltura*\"
For deb based systems:
# dpkg -l \"kaltura-*\"
- If running a self hosted ENV - provide the MySQL server version used
- If running a self hosted ENV - is this a single all in 1 server or a cluster?
- If running a self hosted ENV, while making the problematic request, run:
# tail -f /opt/kaltura/log/*.log /opt/kaltura/log/batch/*.log | grep -A 1 -B 1 --color \"ERR:\|PHP\|trace\|CRIT\|\[error\]\"
and paste the output.
- When relevant, provide any screenshots or screen recordings showing the issue you're experiencing.
For general troubleshooting see:
https://github.com/kaltura/platform-install-packages/blob/Jupiter-10.13.0/doc/kaltura-packages-faq.md#troubleshooting-help
If you only have a general question rather than a bug report, please close this issue and post at:
http://forum.kaltura.org
Thank you in advance,
@kyjak thanks for reporting, can you please add a sample test page that reproduces the issue.
I have to get clearance if the link is postable to 3rd party, will be in touch shortly.
Sorry, this wont work, it is on internal network. I can do a stack trace or else if you guide me what you need.
If you can add a sample of your setup, parent page and iframe then maybe I can understand it.
Also add browser and OS details and if you have any specific intranet restrictions.
Setup - Windows 10, Firefox 67.0.4.
The doc is setup as follows and the problem lies with clicking fullscreen. Kaltura wants to access document.*, which is unavailable, cause it resides within an iframe i think. Kaltura should check for existance/accessibility of variables.
@kyjak thanks, can you please share the uiconfid.
Is the player iframe nested in additional iframes in your website layout?
If this is the case then you need to enable the fullscreen policy on each frame as you see on the player in the allow='...' attribute.
This is browser security policy, see more details here: https://developers.google.com/web/updates/2018/06/feature-policy
Will try the allow policies and let you know. where do I find the uiconfid?
on the iframe src attribute URL
Thanks, I’ll check the config.
Can you please inspect the dom again and say if you have nested iframe.
yes, we have a nested iframe, this week will push the allow policies and see if it helped