I have strange problem - when deploying app (pure angular application with rest api) to production server and accessing its url via link from other site (ref from email for example) I have got blank page - firefox say nothing, chrome says
Blocked script execution in 'URL of website' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
and blocks all my .js files...
what does it means? I have found on the Internet something about iframes but I have no iframes in my site...
Strangest thing in my opinion is that if I access that link directly everything works without any problem...
So how to avoid to this behaviour?
Thanks for any reply
The error message warns that an Iframe is sand-boxed without a proper privileges
Yes, you are clicking in an iFrame. This is an example of a sand-boxed iFrame.
<iframe sandbox src="http://usercontent.example.net/getusercontent.cgi?id=12193"></iframe>
If you inspect element on GMail, you will notice iFrames everywhere. The sandbox attribute is not always automatically attached, because the sandbox attribute controls what is allowed.
When a pop-up is needed, the attribute will change
<iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms" src="http://usercontent.example.net/getusercontent.cgi?id=12193"></iframe>
This is done to protect the user and the mail application from XSS
The iFrame has to allow pop-ups, new windows, or scripts. Whatever you are trying (probably just navigation), the action is being blocked by a sandbox.