Fix Safari SecurityError when Block All Cookies is enabled #2539
+214
−133
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,6 +5,7 @@ import { | |
| IDiagnosticLogger, _eInternalMessageId, _throwInternal, dumpObj, eLoggingSeverity, getExceptionName, getGlobal, getGlobalInst, | ||
| isNullOrUndefined, objForEachKey | ||
| } from "@microsoft/applicationinsights-core-js"; | ||
| import { objGetOwnPropertyDescriptor } from "@nevware21/ts-utils"; | ||
| import { StorageType } from "./Enums"; | ||
|
|
||
| let _canUseLocalStorage: boolean = undefined; | ||
|
|
@@ -23,31 +24,88 @@ function _getLocalStorageObject(): Storage { | |
| return null; | ||
| } | ||
|
|
||
| /** | ||
| * Safely checks if storage object (localStorage or sessionStorage) is available and accessible | ||
| * This helps prevent SecurityError in some browsers (e.g., Safari) when cookies are blocked | ||
| * @param storageType - Type of storage | ||
| * @returns {boolean} Returns whether storage object is safely accessible | ||
| */ | ||
| function _canSafelyAccessStorage(storageType: StorageType): boolean { | ||
| const storageTypeName = storageType === StorageType.LocalStorage ? "localStorage" : "sessionStorage"; | ||
| let result = true; | ||
|
|
||
| try { | ||
| // First, check if window exists and get the global object once | ||
| const gbl: any = getGlobal(); | ||
|
MSNev marked this conversation as resolved.
Outdated
|
||
| if (isNullOrUndefined(gbl)) { | ||
| result = false; | ||
| } else { | ||
| // Try to indirectly check if the property exists and is accessible | ||
| // This avoids direct property access that might throw in Safari with "Block All Cookies" enabled | ||
|
|
||
| // Some browsers throw when accessing the property descriptors with getOwnPropertyDescriptor | ||
| // Others throw when directly accessing the storage objects | ||
| // This approach tries both methods safely | ||
| try { | ||
| // Method 1: Try using property descriptor - safer in Safari with cookies blocked | ||
| const descriptor = objGetOwnPropertyDescriptor(gbl, storageTypeName); | ||
| if (!descriptor || !descriptor.get) { | ||
| result = false; | ||
| } | ||
| } catch (e) { | ||
| // If the above fails, attempt a direct access inside a try-catch | ||
| try { | ||
| const storage = gbl[storageTypeName]; | ||
| if (!storage) { | ||
| result = false; | ||
| } | ||
| } catch (e) { | ||
| // If both approaches fail, storage cannot be safely accessed | ||
| result = false; | ||
| } | ||
| } | ||
| } | ||
| } catch (e) { | ||
| result = false; | ||
| } | ||
|
|
||
| return result; | ||
| } | ||
|
|
||
| /** | ||
| * Tests storage object (localStorage or sessionStorage) to verify that it is usable | ||
| * More details here: https://mathiasbynens.be/notes/localstorage-pattern | ||
| * @param storageType - Type of storage | ||
| * @returns {Storage} Returns storage object verified that it is usable | ||
| */ | ||
| function _getVerifiedStorageObject(storageType: StorageType): Storage { | ||
| let result = null; | ||
|
|
||
| try { | ||
| // First check if we can safely access the storage object | ||
| if (_canSafelyAccessStorage(storageType)) { | ||
| const storageTypeName = storageType === StorageType.LocalStorage ? "localStorage" : "sessionStorage"; | ||
|
Collaborator
There was a problem hiding this comment. pass the resolved string into the _canSafelyAccessStorage to avoid the duplication of the strings
Contributor
Author
There was a problem hiding this comment. I've refactored the code to pass the resolved storage type string to the _canSafelyAccessStorage function, eliminating the duplication of string resolution. The storage type name is now determined once in the _getVerifiedStorageObject function and passed to _canSafelyAccessStorage. d472d65 |
||
|
|
||
| // Now we can safely try to use the storage | ||
| try { | ||
| let uid = (new Date).toString(); | ||
| let storage: Storage = getGlobalInst(storageTypeName); | ||
| let name:string = _storagePrefix + uid; | ||
| storage.setItem(name, uid); | ||
| let fail = storage.getItem(name) !== uid; | ||
| storage.removeItem(name); | ||
| if (!fail) { | ||
| result = storage; | ||
|
Collaborator
There was a problem hiding this comment. Change this to return a wrapped version of the storage obejct which wraps the setItem() function in a try / catch that handles the failure and resets the state (by setting the value to null)
Contributor
Author
There was a problem hiding this comment. Added a storage wrapper in d0ee829 that wraps all Storage operations in try/catch blocks. All storage methods now reset the cached storage state if they encounter an error. |
||
| } | ||
| } catch (exception) { | ||
| // Storage exists but can't be used (quota exceeded, etc.) | ||
| } | ||
| } | ||
| } catch (exception) { | ||
| // Catch any unexpected errors | ||
| } | ||
|
|
||
| return result; | ||
| } | ||
|
|
||
| /** | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets merge this function into the called as it should create smaller code
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've merged the _canSafelyAccessStorage function into _getVerifiedStorageObject as requested, which should create smaller and more efficient code. All safety checks for handling Safari with blocked cookies are preserved in the integrated implementation. d2cd04d