Meetings embed widget script causing an error by accessing iframe's document

Search Marketing Integrations for solutions or ask a question
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
DKowalczyk

‎Apr 16, 2024 5:48 AM

Participant

The script `https://static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js` responsible for embedding the Meetings widget iframe is causing the following error:

`Uncaught DOMException: Failed to read a named property 'document' from 'Window': Blocked a frame with origin "xxx" from accessing a cross-origin frame.
https://static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js:1:3022`

Were there any recent changes done to this script? Can I expect it to be fixed?

Meetings
2 Accepted solutions
DKowalczyk
Solution

‎Apr 17, 2024 3:06 AM - edited ‎Apr 17, 2024 3:09 AM

Participant

DKowalczyk_0-1713337788324.png

 

The issue seems to be in the attempt to add a meta HTML tag to the iframe's document with robots, noindex

View solution in original post

0 Upvotes
DKowalczyk
Solution

‎Apr 19, 2024 3:37 AM

Participant

Hi guys,

 

Following up on this. It seems to be a bug introduced in the newest version of MeetingsEmbedCode.js - can you please advise?

 

Thanks!

View solution in original post

9 Replies 9
DecisioHealth

‎Jun 7, 2024 11:25 AM

Participant

Having a similar issue, the iFrame does not load until there is mouse movement on the page.  The script is 
<!-- Start of Meetings Embed Script -->
<div class="meetings-iframe-container" data-src="https://meetings.hubspot.com/user-profile/schedule-a-call?embed=true"></div>
<script type="text/javascript" src="https://static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js"></script>
<!-- End of Meetings Embed Script -->

0 Upvotes
KKulkarni3

‎Apr 22, 2024 8:18 PM - edited ‎Apr 22, 2024 8:33 PM

Participant

Is there any development on this?

Facing same issue. This is how the code is embed in React.

 

<>
            <Helmet>
                <script type="text/javascript" src={HUBSPOT_MEETING_SCRIPT_URL}></script>
            </Helmet>
            <div className="meetings-iframe-container" data-src={__HUBSPOT_MEETING_CALENDAR_URL__}></div>
            
        </>

 

 

We also encountered this error for the first time on Sentry on April 16th, 2024

0 Upvotes
DKowalczyk
Solution

‎Apr 19, 2024 3:37 AM

Participant

Hi guys,

 

Following up on this. It seems to be a bug introduced in the newest version of MeetingsEmbedCode.js - can you please advise?

 

Thanks!

vargasp

‎Apr 18, 2024 2:56 AM

Participant

I'm having the same issue. One detail, it started to fail because my CSP was blocking a reference to

https://js-agent.newrelic.com/

After adding that domain to my script-src CSP, then I have the 'Uncaught DOMException: Failed to read a named property 'document' from 'Window'...' error, so it may be related.

 

This is how I inject the embedded widget in Angular:

ngOnInit(): void {
  const myScriptElement = document.createElement('script');
  myScriptElement.src =
    'https://static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js';
  document.body.appendChild(myScriptElement);
}
vargasp

‎Apr 18, 2024 4:21 AM

Participant

My guess is that your MeetingsEmbedCode.js started using the New Relic agent at some point, which is introducing the referer domain (my web site) into a vulnerable context.

Fortunatelly, modern browsers are able to deal with this situation...

0 Upvotes
PamCotton
HubSpot Alumni

‎Apr 16, 2024 5:33 PM

HubSpot Alumni

Hey @DKowalczyk, thank you for posting in our Community!

 

Do you have any additional information or specific details about when this issue started occurring, it would be helpful for our investigation. Also, if you have any urgent meetings or tasks affected by this, please let us know so that we can explore alternative solutions or workarounds.

 

The more information, screenshots, and details you can provide, the better I can advise on the next steps.

 

Thank you,

Pam

0 Upvotes
DKowalczyk

‎Apr 24, 2024 3:51 AM

Participant

@PamCotton - just letting you know the community discovered an issue in your production script that haven't been addressed anyhow.

0 Upvotes
alettieri

‎Apr 19, 2024 3:14 PM - edited ‎Apr 19, 2024 3:27 PM

Member

We're also experiencing this issue. According to our sentry logs, April 16th, 2024 was the first time we encountered this error.

It's looking like the embed code is accessing the `contentWindow`, document object. This is something that's generally only allowed if the contentWindow or iFrame is on the same origin. https://developer.mozilla.org/en-US/docs/Web/API/HTMLIFrameElement/contentWindow

Here is the code:

    c.addEventListener("load", function () {
          const t = document.createElement("meta");
          t.name = "robots";
          t.content = "noindex";
          c.contentWindow.document.head.appendChild(t);
    });

 

DKowalczyk
Solution

‎Apr 17, 2024 3:06 AM - edited ‎Apr 17, 2024 3:09 AM

Participant

DKowalczyk_0-1713337788324.png

 

The issue seems to be in the attempt to add a meta HTML tag to the iframe's document with robots, noindex

0 Upvotes

Sign up for the Community Newsletter

Receive Community updates and events in your inbox every Monday morning.
Meetings embed widget script causing an error by accessing iframe's document
Hi guys,   Following up on this. It seems to be a bug introduced in the newest version of MeetingsEmbedCode.js - can you please advise?   Thanks!
Hi guys,   Following up on this. It seems to be a bug introduced in the newest version of MeetingsEmbedCode.js - can you please advise?   Thanks!
Marketing
Jun 7, 2024