Identified - Impact: If your use of Chameleon depends on selecting page elements that reside within iframes, those specific Chameleon Experiences may not not be running correctly.
Working: Main page is app.acme.com and the iframe is app.acme.com Not working: Main page is app.acme.com and the iframe is content.acme.com
Further context is that prior to Chrome 115, iframes on the same origin (e.g. app.acme.com and content.acme.com) allowed their content is be accessible to the parent page. Chameleon uses this same-origin access pattern to find and attach Chameleon Experiences to the element found within an iframe. However, starting in Chrome 115, Google removed support for modifying a property called `document.domain` which permits this behavior. Now, because Google has disabled this feature, Chameleon cannot currently directly access content of iframes with subdomains that differ from the parent page.
The Chameleon team is working quickly to restore full support for same-origin iframes. We plan to ship an early version of this to impacted customers in the coming days. If you are using iframes in the way described above, please reach out to your account manager or hello@chameleon.io let us know. Also indicate if you want to be added to the iframe feature preview when it's ready.
Workaround: In the meantime, the workaround is to match the domain of the content inside an iframe with the content outside of the iframe (referenced as "Working:" above). Some teams we're in contact with have had success in simply proxying their iframed content through the same domain as their main page (let us know if you want more information on how to do this).
Oct 18, 2023 - 10:36 PDT
User profile API
?
Operational
90 days ago
100.0
% uptime
Today
JavaScript CDN
?
Operational
90 days ago
100.0
% uptime
Today
Sidebar API
?
Operational
Data API
Operational
Heroku
Operational
Transactional emails
?
Operational
HelpBar Search API
Operational
Privacy notifications
?
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Major outage
Partial outage
No downtime recorded on this day.
No data exists for this day.
had a major outage.
had a partial outage.
Related
No incidents or maintenance related to this downtime.
Resolved -
We are contacting you as per the terms of our Data Processing Agreement (DPA) to inform you of new sub-processors being implemented by Chameleon.
At Chameleon, data privacy and security are a priority and we understand the importance of keeping your company's data secure. We have recently completed our third SOC 2 Type II audit and leverage a continuous security monitoring solution to maintain ongoing compliance.
Name Data Location Description OpenAI United States AI API platform Pipedream United States API automation platform
These sub-processors have been evaluated according to Chameleon’s third-party risk management process. If you'd like to know more about our privacy and security practices, please visit our security page (https://chameleon.io/security) or contact us at security@chameleon.io.