Security issue with URLs in embedded Airtable in Chrome and Safari

Mike_Reed · ‎Apr 26, 2020

I have an embedded an Airtable in a website with URLs that point to https locations that have pdf downloads. When the link is clicked the “https” is stripped off the url (although it is still in the Favicon on the browser tab) and the pdf will not open due to a security issue. Even dropping all security blocks will not allow the page to open. Not a problem with Edge or with Chrome or safari on iPhone. Only with Chrome on PC and Safari on Mac. The link will open if it is in the website outside of the airtable.

Update: Incognito doesn’t work; holding Ctrl (PC) or Cmd (Mac) will open the link in a new tab but stay on the main website. But it works!.

For developers: “target _top” works but “target _blank” or “target _parent” are loading but not displaying.

From the identically described issue stackoverflow.com this was suggested but didn’t work. It killed the table completely when we pasted in the iframe code:
I found something! I know your question was 2 years ago, but if you use the sandbox “allow-popups-to-escape-sandbox” in your iframe, this will work.

ScottWorld · ‎Apr 26, 2020

Can you give an example of where this problem is happening?

I’ve got an Airtable database embedded in a website, and the URL fields are all PDF files starting with https:// and they are all loading just fine in Safari on Mac.

Mike_Reed · ‎Apr 26, 2020

https://adveritasdx.com/test-database
Go to the last two columns. The “URL” column is fine, but just goes to a normal website.

ScottWorld · ‎Apr 26, 2020

Your database worked just fine for me. I clicked on several of the https:// links, and the PDF files opened up immediately in a new Safari tab — with the full https:// URL intact.

Here’s a video showing this in action in Safari for Mac:

Mike_Reed · ‎Apr 26, 2020

Thank you, that is so weird. There’s 4 of us in our group and all having the same problem.

Mike_Reed · ‎Apr 26, 2020

If we click on a link in the developer tools code it opens, so there’s something weird in the code that’s blocking. I’ll let you know when we figure it out but thanks for the frustrating video LOL!!

Mike_Reed · ‎Apr 26, 2020

It’s giving us a 304 error, but not sure why…yet.

Bill_French · ‎Apr 26, 2020

Yep - I suspect it’s because your browser settings are slightly biased toward cached resources.

The HTTP 304 Not Modified client redirection response code indicates that there is no need to retransmit the requested resources. It is an implicit redirection to a cached resource.

I think your browser is configured such that if it encounters a page that has not changed, pull if from cache where the most recent [changed] version of the content was preserved.

ScottWorld · ‎Apr 26, 2020

Lol! Not sure what’s going on. Maybe your IT Department added some strange security configuration to your Mac or Safari. You might try creating a brand new user account on your Mac (in your Mac’s System Preferences), and then log out and log in again as your new user. Then, see if it happens with your new user account. (I’m referring to Mac user accounts, not Airtable user accounts.) That would rule out any user-specific settings on your Mac that might be affecting Safari.

Mike_Reed · ‎Apr 26, 2020

I’m actually primarily on a PC with Chrome. And it’s a personal computer so no IT department (or an incompetent one - me). Anyway, I’m online with a developer so hopefully we’ll get there.