Error: The document is sandboxed and lacks the 'allow-same-origin' flag. #859
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Describe the bug
When developing any Stripe app that calls an external API from its SettingsView, the following error is thrown:
Error: Failed to read the 'cookie' property from 'Document': The document is sandboxed and lacks the 'allow-same-origin' flag.This is a somewhat recent bug introduced in the last couple months, as we've developed multiple Stripe apps and never seen this before. I believe it's due to Stripe apps being contained in a sandboxed iframe, and the iframe does not have the
allow-same-originpermission.To Reproduce
Most apps in the Stripe Apps Marketplace are throwing this error. For example, download the Mailchimp app, go to settings, and open chrome developer tools to see the error being thrown. Sometimes it causes an error screen to flash quickly while the SettingsView is loading.
During local development, the error covers the screen which prevents development. To reproduce, run any Stripe app locally that calls an external API in its SettingsView. Go to settings, and the screen will show the error:
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: