Mouth Ship™
Docs
Protocol Verified
engineering

[FIX-011] Blob Protocol Security Error

Forcing MemoryHistory in Blob environments to prevent SecurityErrors.

PRID: 1122
VERIFIED
1 min read

[FIX-011] Blob Protocol Security Error (History API)

📝 Problem Background

In the AI Studio Preview environment, the application failed to boot with: SecurityError: Failed to execute 'replaceState' on 'History': A history state object with URL ... cannot be created in a document with origin ... and URL 'blob:...'

🧪 Effort Metrics

  • Attempt Count: 3
  • Time Spent: 30 min
  • Complexity: ⭐⭐⭐⭐ (Environment Specific)

🔍 Root Cause Analysis

The Blob Constraint:

  1. AI Studio previews run inside an iframe served via a blob: URL (e.g., blob:https://...).
  2. This is a secure, opaque origin.
  3. Standard BrowserHistory (and even HashHistory in some configurations) attempts to read or write to the browser's address bar using window.history.
  4. Browsers strictly forbid blob: origins from modifying the URL, throwing a security exception immediately.

🛠️ Fix Strategy

Memory Fallback Protocol: We implemented a strict environment detection logic in src/entry-client.tsx that forces MemoryHistory when the protocol is blob:.

typescript
const isBlob = window.location.protocol === 'blob:';
// CRITICAL: MemoryHistory is the only safe option for Blob
const history = isBlob ? createMemoryHistory() : createBrowserHistory();

This effectively decouples the router from the browser's URL bar, allowing the app to function fully in-memory without triggering security violations.

Status: Resolved. Sandbox compatibility restored.

Authority Distribution

Share this technical artifact
X