The Issue
Some of our users reported that iOS Safari fails to load one of our pages, when they try to log in using Facebook OAuth. Safari returns the following:
Navigation was blocked by Cross-Origin-Opener-Policy
What we tried
Some members of our team are able to reproduce this issue, and bypass the errors by disabling COOP in Settings → Safari → Advanced → Experimental Features → (turn off) Cross-Origin-Opener-Policy (COOP) header which is enabled by default.
Other members of our team are not able to reproduce this issue at all. The web app works both when the COOP feature is turned on and off. All of us tried reseting to factory settings, experimental defaults, change networks, use VPNs and rebooting.
How to reproduce
(assuming you have a test account at facebook with no important, private data)
- Navigate to our minimal example on iOS Safari at:
https://www.tezos.help/ichabod/queue/
- click
Login (normal) - select Facebook
- go through authentication
- wait until you are redirected back
Are you able to navigate back and to the starting point (there should be a loading spinner)?
As we are not able to consistently reproduce this issue, it is very difficult for us to identify and fix any problems on our end. Based on what we have tried, it looks like either some webkit experimental flags are ignored, or there is a bug related to certificates/keyAccess and how the COOP header is processed or cached.
