Description of the issue:
In Netdata, users can access different “Agent” pages, like:
which share the same single sign-on system, redirecting to https://netdata.cloud/account/sign-in-agent login page. The sign-on domain (netdata[dot]cloud) is then loaded as iframe on individual pages, like *.my-netdata.io, and it reads cookies set during sign-in and send them via
Unfortunately Brave shield is blocking that communication. Parent pages don’t receive any message from the iframe. It can be solved by switching the Shield setting from “Cross-site cookies blocked” to “All cookies allowed” on individual Agent pages (like newyork.my-netdata.io), but it’s problematic, because users can use even dozens of different pages with single login. It would be better if there was an option to whitelist only netdata[dot]cloud SSO page.
Is blocking of
window.parent.postMessage() intentional in this case?