guacamole-user mailing list archives

From Mike Jumper <mjum...@apache.org>
Subject Re: Nginx X-Frame-Options causing Chrome "Page Unresponsive error"
Date Fri, 17 May 2019 15:11:33 GMT
On Fri, May 17, 2019 at 5:06 AM purplebadger <dom@eclipticdynamics.co.uk>
wrote:

> Hi,
>
> Guac 1.0.0 running Nginx reverse proxy.
>
> When connected to an RDP session from latest version of Chrome 74.x (and
> anecdotally from Safari, version unknown), if you stop moving the mouse a
> "This page has become unresponsive - would you like to kill, wait etc"
> browser pop up appears, the pop up disappears if you move the mouse, stop
> moving the mouse and it reappears - everything else seems to function
> normally.
>
> I suspected the Nginx policy may be to blame, I noticed some Developer
> tools errors in Chrome relating to X-Frame so I commented out this line
> in my Nginx conf:
> #add_header X-Frame-Options DENY
>
> This "resolved" the issue but....
>
>
Page unresponsive messages from the browser indicate that JavaScript on the
page is taking too long to run. As the "X-Frame-Options" header serves only
to block usage of iframes in specific contexts, I don't see how the
presence of "X-Frame-Options" could possibly lead to "page unresponsive".
It also doesn't make sense that moving the mouse would have any effect, as
the nature of "page unresponsive" is that JavaScript is taking so long that
events cannot be processed, including mouse events.

There are only two places in the codebase where an iframe is used:

1) Duo authentication
2) Inbound file transfer (from server to client)

Neither of the above would lead to "page unresponsive" if usage of iframe
were unavailable.

> Oddly, I do not experience this error in an old version of Chrome 70.x and I
> do not experience this issue at all with Firefox.
>

My Chromebook is running Chrome 74; no issues.


> I notice another post relating to content security policy in Nginx - I
> realize that this config is probably out of scope of this support forum
> but:
> Are you able to provide any generic advice setting X-Frame-Options
> properly?
>

You can freely set "X-Frame-Options". I'd recommend "SAMEORIGIN" rather
than "DENY", so that inbound file transfer will not be blocked, but no
value will result in an unresponsive application. As noted in the thread
you reference, I have "X-Frame-Options" set as we speak.

> Are there any other gotchas with Nginx config that can cause "Page
> unresponsive errors" within Guac?
>

There are no known issues which would cause the behavior you're seeing,
including "X-Frame-Options".

- Mike
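
Added example, not part of the original message or of the Guacamole project's own configuration: an Nginx location block showing the "DENY" line from the question beside the "SAMEORIGIN" value recommended in the reply. The backend address and the /guacamole/ path are assumptions.

```nginx
# Goes inside the existing server { } block of the reverse proxy.
location /guacamole/ {
    proxy_pass http://127.0.0.1:8080/guacamole/;   # assumed backend address
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;

    # Before: refuses every framed load of the application, including the
    # iframe used for inbound file transfer.
    # add_header X-Frame-Options DENY;

    # After: other origins still cannot frame the application, while
    # same-origin iframes keep working.
    # "always" attaches the header to error responses as well.
    add_header X-Frame-Options SAMEORIGIN always;

    # nginx inherits add_header lines from the server/http level only when
    # this block defines none of its own, so any other response headers set
    # higher up must be repeated here.
}
```

After reloading Nginx, the response headers shown in the browser's developer tools should list a single X-Frame-Options value for requests under this path.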
