The Google Chrome (80) Update and Possible Impact on SFX
We published a security advisory regarding a Google Chrome (80) browser update that may impact SFX users. This Google Chrome update will take place on February 4, 2020.
If you are using the SFX sidebar instead of the full link menu, there are a few important details of which you need to be aware. The sidebar uses iframes to embed external content from the content provider platform and links to the browser window. There are two potential issues with this:
- The content of a provider may be blocked.
Google Chrome (80) may prevent the provider’s content from being embedded in the SFX iframe. Some providers already block their content from being embedded. For such providers, there is already a workaround in place to create an exception and to show a link instead of the content next to the sidebar.
Users can access the full content by clicking this link. You can also disable the banner completely for such providers or choose to use direct links without the side banner.
This functionality can be set and configured from SFXAdmin > Configuration > Menu configuration > Direct Link.
- The redirect to the institution’s login before the user can access the full text may be blocked.
If you redirect the link to the provider to an authentication application embedded in the iframe, for example, Shibboleth, it will be blocked. If you are using SFX with the sidebar and you embed authentication in the iframe, you have to implement the SameSite=None, Secure fix. Ex Libris cannot implement this solution. You must make the change yourself. For more information, see the following article.