VMware {code} Community
harsha219
Enthusiast
Enthusiast
‎04-01-2022 05:36 AM

vcenter 7.0 U2 vs vcenter 6.7 U3 sandbox for remote client plugins

For our client plugin(remote plugin) in vcenter, the iframe sandbox attributes has "allow popups" in vcenter 7.0 U2 whereas the sandbox doesn't have "allow popups" attribute in vcenter 6.7 U3.

Could you confirm if it is allowed in vcenter 6.7 ? If not, is there a way to enable the same? Any suggestions would be helpful. Thanks in advance.

This is the error that we see for vcenter 6.7 when we try to open a page that is supposed to open in a new tab:

"Blocked opening '//<>/index.html' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set."

Reply
0 Kudos
6 Replies
stoevm
VMware Employee
VMware Employee
‎04-04-2022 12:23 AM

Hi harsha,

The allow-popups is not allowed in 6.7U3, there is no such implementation, it was added post-factum.
There is no way to enable it, since the implementation is missing.

About the suggestions, can you elaborate more on what is the use-case that you try to accomplish ? 
Most use-cases can be migrated from popups to opening a modal and in most cases this is the best practice. However it depends on the use-case in question.

Reply
0 Kudos
harsha219
Enthusiast
Enthusiast
‎04-04-2022 03:32 AM

We are trying to move to a remote plugin instead of a local plugin that vcenter supports right now. We do have some help links that user can click on which will open help page in a new tab in browser. This mechanism works for local plugins even for 6.5 vcenter. But for a remote plugin, I'm seeing this issue. Does it mean that popups are allowed for local plugins ? How does it work for local plugins? Can we replicate the same mechanism for remote plugin?

Reply
0 Kudos
stoevm
VMware Employee
VMware Employee
‎04-04-2022 03:54 AM

For local plugins it works because they do not have the sandbox attribute attached to their iframe. 
When you open developers console when observing one of your plugins view in the vSphere Client and look at the iframe encapsulating your plugin, you will see that local and remote plugins are encapsulated with a different iframe element.
https://www.w3schools.com/tags/att_iframe_sandbox.asp

For local plugins there are no restrictions in the iframe sandbox rules, because a lot of plugins would simply not work, however this creates possible security flaws. 

For remote plugins the security is the main concern, thus not all sandbox attributes are allowed, we started with a minimal set in 6.7U3 (which for example does not contain allow-popups), after some requests from plugin writers we have added it and it is present in the 7.0U2 as you mentioned). 

It is not clear to me, if you have developed a local plugin working as expected for 6.7U3, why would you develop the remote plugin to cover those versions as well ?

Reply
0 Kudos
harsha219
Enthusiast
Enthusiast
‎04-04-2022 04:12 AM

Thank you for clearing that up. We need to have our remote plugin supported for all the most used versions of vcenter. I believe that many customers still use 6.7 U3. Our remote plugin would contain lot more new features which are not available in old plugin.

Since moving forward, vmware recommends the usage of remote plugin itself, we are focusing all our dev on remote plugin itself and not on the old local plugin. As a workaround, we can still right click on link and use "Open in New tab" option and still get it opened in another tab though. We still have to discuss and make a call on that.

Reply
0 Kudos
stoevm
VMware Employee
VMware Employee
‎04-04-2022 04:16 AM

Let me check if it is possible to add such a feature for an upcoming patch for version 6.7U3.
I will update you once I have the details.

Thanks

Reply
0 Kudos
stoevm
VMware Employee
VMware Employee
‎04-20-2022 04:08 AM

Hi harsha219,

I checked and unfortunately we no longer have a mechanism to release such changes in the 6.7 release cycle.

Martin.  

Reply
0 Kudos