Cannot open Web IDE after becoming a Gitlab Contibutor and blocking all Cross-site cookies
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Summary
After becoming a Gitlab contributor and all of the associated account changes, I can no longer open the Web IDE.
It seems that a cross-site cookie that wasn't previously used in the Web IDE becomes required.
Steps to reproduce
I cannot reproduce it as I can't un-reproduce it to see exactly what is wrong, but here are the steps as I experienced them:
1. Have a Gitlab.com account.
2. Use Web IDE successfully.
3. Create an issue in gitlab-org/gitlab and be invited to become a contributor
4. Follow contributor on-boarding
5. Try to open the Web IDE through any method (Code -> Web IDE, Edit -> Open in Web IDE)
- In Firefox, change the setting
Settings -> Privacy & Security -> Enhanced Tracking Protection -> Custom -> Cookiesto "All cross-site cookies" - Use Gitlab IDE successfully
- Become a Gitlab contributor
- Try to use the Web IDE through any method (Code -> Web IDE, Edit -> Open in Web IDE)
Example Project
Here is an example Web IDE page to edit the community fork LICENSE file: https://gitlab.com/-/ide/project/gitlab-community/gitlab-org/gitlab/edit/master/-/LICENSE
But it does occur any time I try to open the Web IDE, not in any specific group or project.
What is the current bug behavior?
A new tab opens, a few loading-style things appear, and then a blank page (<body></body>) appears. There are errors logged to the console, which will be in the logs section.
What is the expected correct behavior?
Web IDE should open and be usable the same as it was before becoming a contributor. If the Web IDE encounters an error it should either try to reload without the extension, or show the user an error of some kind.
Relevant logs and/or screenshots
Firefox Console Log
Content-Security-Policy warnings 8
Welcome to GitLab!
Does this page need fixes or improvements? Open an issue or contribute a merge request to help make GitLab more lovable. At GitLab, everyone can contribute!
🤝 Contribute to GitLab: https://about.gitlab.com/community/contribute/
🔎 Create a new GitLab issue: https://gitlab.com/gitlab-org/gitlab/-/issues/new
🚀 We like your curiosity! Help us improve GitLab by joining the team: https://about.gitlab.com/jobs/ sentry.950b8359.chunk.js:1:56465
Feature Policy: Skipping unsupported feature name “clipboard-read”. 1237.293a653d.chunk.js:1:97104
Feature Policy: Skipping unsupported feature name “clipboard-write”. 1237.293a653d.chunk.js:1:97104
Feature Policy: Skipping unsupported feature name “clipboard-read”. 1237.293a653d.chunk.js:1:97210
Feature Policy: Skipping unsupported feature name “clipboard-write”. 1237.293a653d.chunk.js:1:97210
Feature Policy: Skipping unsupported feature name “clipboard-read”. 1237.293a653d.chunk.js:1:97777
Feature Policy: Skipping unsupported feature name “clipboard-write”. 1237.293a653d.chunk.js:1:97777
Cookie “” has been rejected as third-party. workbench.html
Cookie “” has been rejected as third-party. workbench.html
Cookie “” has been rejected as third-party. workbench.web.main.css
Cookie “” has been rejected as third-party. main.js
Request to access cookie or storage on “https://workbench-83e5c1a0a38fabb6e481104df5f130.cdn.web-ide.gitlab-static.net/gitlab-web-ide-vscode-workbench-0.0.1-dev-20250430143302/assets/workbench.html” was blocked because we are blocking all third-party storage access requests and content blocking is enabled. <anonymous code>:7:27
Cookie “” has been rejected as third-party. package.json
Cookie “” has been rejected as third-party. package.json
Cookie “” has been rejected as third-party. package.json
Cookie “” has been rejected as third-party. package.json
Cookie “” has been rejected as third-party. loader.js
Cookie “” has been rejected as third-party. nls.messages.js
Cookie “” has been rejected as third-party. workbench.web.main.js
Cookie “” has been rejected as third-party. workbench.web.main.internal.js
Source map error: Error: request failed with status 404
Stack in the worker:networkRequest@resource://devtools/client/shared/source-map-loader/utils/network-request.js:43:9
Resource URL: https://workbench-83e5c1a0a38fabb6e481104df5f130.cdn.web-ide.gitlab-static.net/gitlab-web-ide-vscode-workbench-0.0.1-dev-20250430143302/main.js
Source Map URL: main.js.map
Source map error: Error: request failed with status 404
Stack in the worker:networkRequest@resource://devtools/client/shared/source-map-loader/utils/network-request.js:43:9
Resource URL: https://workbench-83e5c1a0a38fabb6e481104df5f130.cdn.web-ide.gitlab-static.net/gitlab-web-ide-vscode-workbench-0.0.1-dev-20250430143302/vscode/out/nls.messages.js
Source Map URL: https://main.vscode-cdn.net/sourcemaps/d78a74bcdfad14d5d3b1b782f87255d802b57511/core/nls.messages.js.map
Error while creating broadcast channel. Falling back to localStorage. The operation is insecure. workbench.web.main.internal.js:511:1981
Error occurred trying to clear possibly installed marketplace extensions DOMException: IDBFactory.open: The operation is insecure
openDb main.js:25155
openDb main.js:25154
remove main.js:25168
removeExtensions main.js:25187
cleanWebIdeExtensions main.js:25249
start main.js:25432
_invokeFactory loader.js:7
complete loader.js:7
_onModuleComplete loader.js:8
_onModuleComplete loader.js:8
_onModuleComplete loader.js:8
_resolve loader.js:8
defineModule loader.js:7
i loader.js:7
load workbench.web.main.ts:91
promise callback*load workbench.web.main.ts:91
_loadPluginDependency loader.js:7
_resolve loader.js:8
defineModule loader.js:7
f loader.js:8
<anonymous> workbench.web.main.ts:96
<anonymous> workbench.web.main.ts:103
main.js:25253:17
ERR Error while creating IndexedDB DOMException: IDBFactory.open: The operation is insecure
b workbench.web.main.internal.js:3111
b workbench.web.main.internal.js:3111
a workbench.web.main.internal.js:3111
create workbench.web.main.internal.js:3111
n workbench.web.main.internal.js:3112
j workbench.web.main.internal.js:3112
open workbench.web.main.internal.js:3112
Bii workbench.web.main.internal.js:3364
startWorkbench main.js:25386
start main.js:25433
_invokeFactory loader.js:7
complete loader.js:7
_onModuleComplete loader.js:8
_onModuleComplete loader.js:8
_onModuleComplete loader.js:8
_resolve loader.js:8
defineModule loader.js:7
i loader.js:7
load workbench.web.main.ts:91
promise callback*load workbench.web.main.ts:91
_loadPluginDependency loader.js:7
_resolve loader.js:8
defineModule loader.js:7
f loader.js:8
<anonymous> workbench.web.main.ts:96
<anonymous> workbench.web.main.ts:103
workbench.web.main.internal.js:35:2779
INFO Using in-memory user data provider workbench.web.main.internal.js:35:2568
Error while creating broadcast channel. Falling back to localStorage. The operation is insecure. workbench.web.main.internal.js:511:1981
ERR DOMException: The operation is insecure.
P workbench.web.main.internal.js:3111
get D workbench.web.main.internal.js:397
get profiles workbench.web.main.internal.js:397
getProfileForWorkspace workbench.web.main.internal.js:397
u workbench.web.main.internal.js:3112
j workbench.web.main.internal.js:3112
open workbench.web.main.internal.js:3112
Bii workbench.web.main.internal.js:3364
startWorkbench main.js:25386
start main.js:25433
_invokeFactory loader.js:7
complete loader.js:7
_onModuleComplete loader.js:8
_onModuleComplete loader.js:8
_onModuleComplete loader.js:8
_resolve loader.js:8
defineModule loader.js:7
i loader.js:7
load workbench.web.main.ts:91
promise callback*load workbench.web.main.ts:91
_loadPluginDependency loader.js:7
_resolve loader.js:8
defineModule loader.js:7
f loader.js:8
<anonymous> workbench.web.main.ts:96
<anonymous> workbench.web.main.ts:103
workbench.web.main.internal.js:35:2779
ERR DOMException: The operation is insecure.
R workbench.web.main.internal.js:3111
get D workbench.web.main.internal.js:397
get profiles workbench.web.main.internal.js:397
getProfileForWorkspace workbench.web.main.internal.js:397
u workbench.web.main.internal.js:3112
j workbench.web.main.internal.js:3112
open workbench.web.main.internal.js:3112
Bii workbench.web.main.internal.js:3364
startWorkbench main.js:25386
start main.js:25433
_invokeFactory loader.js:7
complete loader.js:7
_onModuleComplete loader.js:8
_onModuleComplete loader.js:8
_onModuleComplete loader.js:8
_resolve loader.js:8
defineModule loader.js:7
i loader.js:7
load workbench.web.main.ts:91
promise callback*load workbench.web.main.ts:91
_loadPluginDependency loader.js:7
_resolve loader.js:8
defineModule loader.js:7
f loader.js:8
<anonymous> workbench.web.main.ts:96
<anonymous> workbench.web.main.ts:103
workbench.web.main.internal.js:35:2779
Uncaught (in promise) DOMException: The operation is insecure.
S workbench.web.main.internal.js:3111
N workbench.web.main.internal.js:397
J workbench.web.main.internal.js:397
updateProfile workbench.web.main.internal.js:397
setProfileForWorkspace workbench.web.main.internal.js:397
j workbench.web.main.internal.js:3112
open workbench.web.main.internal.js:3112
Bii workbench.web.main.internal.js:3364
startWorkbench main.js:25386
start main.js:25433
_invokeFactory loader.js:7
complete loader.js:7
_onModuleComplete loader.js:8
_onModuleComplete loader.js:8
_onModuleComplete loader.js:8
_resolve loader.js:8
defineModule loader.js:7
i loader.js:7
load workbench.web.main.ts:91
promise callback*load workbench.web.main.ts:91
_loadPluginDependency loader.js:7
_resolve loader.js:8
defineModule loader.js:7
f loader.js:8
<anonymous> workbench.web.main.ts:96
<anonymous> workbench.web.main.ts:103
workbench.web.main.internal.js:3111
Source map error: Error: request failed with status 404
Stack in the worker:networkRequest@resource://devtools/client/shared/source-map-loader/utils/network-request.js:43:9
Resource URL: https://workbench-83e5c1a0a38fabb6e481104df5f130.cdn.web-ide.gitlab-static.net/gitlab-web-ide-vscode-workbench-0.0.1-dev-20250430143302/vscode/out/vs/workbench/workbench.web.main.internal.js
Source Map URL: https://main.vscode-cdn.net/sourcemaps/d78a74bcdfad14d5d3b1b782f87255d802b57511/core/vs/workbench/workbench.web.main.internal.js.map
The resource at “https://gitlab.com/assets/gitlab-sans/GitLabSans-1e0a5107ea3bbd4be93e8ad2c503467e43166cd37e4293570b490e0812ede98b.woff2” preloaded with link preload was not used within a few seconds. Make sure all attributes of the preload tag are set correctly. ai-context-migration
The resource at “https://gitlab.com/assets/gitlab-sans/GitLabSans-Italic-38eaf1a569a54ab28c58b92a4a8de3afb96b6ebc250cf372003a7b38151848cc.woff2” preloaded with link preload was not used within a few seconds. Make sure all attributes of the preload tag are set correctly. ai-context-migration
The resource at “https://gitlab.com/assets/gitlab-mono/GitLabMono-08d2c5e8ff8fd3d2d6ec55bc7713380f8981c35f9d2df14e12b835464d6e8f23.woff2” preloaded with link preload was not used within a few seconds. Make sure all attributes of the preload tag are set correctly. ai-context-migration
The resource at “https://gitlab.com/assets/gitlab-mono/GitLabMono-Italic-38e58d8df29485a20c550da1d0111e2c2169f6dcbcf894f2cd3afbdd97bcc588.woff2” preloaded with link preload was not used within a few seconds. Make sure all attributes of the preload tag are set correctly. ai-context-migration
The resource at “https://gitlab.com/assets/gitlab-mono/GitLabMono-08d2c5e8ff8fd3d2d6ec55bc7713380f8981c35f9d2df14e12b835464d6e8f23.woff2” preloaded with link preload was not used within a few seconds. Make sure all attributes of the preload tag are set correctly. workbench.html
The resource at “https://gitlab.com/assets/gitlab-mono/GitLabMono-Italic-38e58d8df29485a20c550da1d0111e2c2169f6dcbcf894f2cd3afbdd97bcc588.woff2” preloaded with link preload was not used within a few seconds. Make sure all attributes of the preload tag are set correctly. workbench.html
Error: Channel timed out while waiting for message ready
waitForMessage DefaultCrossWindowChannel.ts:126
n helpers.ts:116
setTimeout handler*dHuN/An/< browserapierrors.ts:106
waitForMessage DefaultCrossWindowChannel.ts:124
waitForMessage DefaultCrossWindowChannel.ts:118
ready index.ts:57
un index.ts:127
an index.ts:162
j init_gitlab_web_ide.js:68
abRe index.js:27
abRe index.js:3
Webpack 6
sentry.950b8359.chunk.js:1:56465
Uncaught (in promise) Error: Could not initialize Web IDE
ready index.ts:70
un index.ts:127
an index.ts:162
j init_gitlab_web_ide.js:68
abRe index.js:27
abRe index.js:3
Webpack 6
1237.293a653d.chunk.js:1:98211
ready index.ts:70
AsyncFunctionThrow self-hosted:804
(Async: async)
un index.ts:127
an index.ts:162
InterpretGeneratorResume self-hosted:1425
AsyncFunctionNext self-hosted:800
(Async: async)
j init_gitlab_web_ide.js:68
InterpretGeneratorResume self-hosted:1425
AsyncFunctionNext self-hosted:800
(Async: async)
abRe index.js:27
InterpretGeneratorResume self-hosted:1425
AsyncFunctionNext self-hosted:800
(Async: async)
abRe index.js:3
Webpack 6
Collapsed troubleshooting steps, as the issue has been made clearer.
Troubleshooting Information
Platform: Firefox 138.0 (64-bit) on Void Linux (Kernel 6.12.28) Firefox 138.4 (64-bit)
Troubleshooting steps attempted:
- Disable extensions, add-ons.
- Restart Computer
- Firefox in Troubleshooting Mode
- Opening Gitlab on another device (Android)
- Enabling/Disabling Preferences->Integrations->Web IDE and Workspaces
It was not working on my phone last night, but that may have been impatience. It works on Firefox for Android, but not Firefox for Linux.
I suspect an account issue, but for posterity's sake:
~~ Firefox for Android 138.04 (Build #2016091471) on Android 13.~~
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)(we will only investigate if the tests are passing)
Possible fixes
Patch release information for backports
If the bug fix needs to be backported in a patch release to a version under the maintenance policy, please follow the steps on the patch release runbook for GitLab engineers.
Refer to the internal "Release Information" dashboard for information about the next patch release, including the targeted versions, expected release date, and current status.
High-severity bug remediation
To remediate high-severity issues requiring an internal release for single-tenant SaaS instances, refer to the internal release process for engineers.
Edited by 🤖 GitLab Bot 🤖