Comments (9)
maxmantz
commented on September 28, 2024
Interesting question and I must admit I haven't had this problem before. However I don't believe that this is a browser issue, but an issue with your domain2.com. It seems like this domain doesn't allow it's contents to be loaded in an iframe which has a different domain than domain2.com.
So given the situation: your app hosted on donain1.com, the OIDC provider on domain2.com with X-Frame-Options set to SAMEORIGIN. When silent renew occurs, domain2.com refuses this with the error message you've described. Source: StackOverflow.
I don't know whether you have control over what domain2.com does. If you do, you can change the options there, but if you don't I'm afraid there is not much you can do to make silent renew work - at least not in an iframe. There is however an option in oidc-client-js which is called signinPopupCallback. A popup should not be limited in the way the iframe is. I haven't yet used it myself, but you can check out the wiki at oidc-client to see if this helps you. If you look at the code for processSilentRenew() (code) you can see that you just have to replace one method call in your silent_renew.html file to make this work.
Hope this helps. Good luck!
from redux-oidc.
theirishpenguin
commented on September 28, 2024
Wow. Thanks for the quick reply. I do have control over domain2.com but I
don't think there are any options that I can set. However, I will try your
signinPopupCallback() suggestion and see if that can work around this.
Thanks so much!
…On Tue, Mar 7, 2017, 6:26 PM Maximilian Mantz ***@***.***> wrote:
Interesting question and I must admit I haven't had this problem before.
However I don't believe that this is a browser issue, but an issue with
your domain2.com. It seems like this domain doesn't allow it's contents
to be loaded in an iframe which has a different domain than domain2.com.
So given the situation: your app hosted on donain1.com, the OIDC provider
on domain2.com with X-Frame-Options set to SAMEORIGIN. When silent renew
occurs, domain2.com refuses this with the error message you've described.
Source: StackOverflow
<http://stackoverflow.com/questions/27358966/how-to-set-x-frame-options-on-iframe>
.
I don't know whether you have control over what domain2.com does. If you
do, you can change the options there, but if you don't I'm afraid there is
not much you can do to make silent renew work - at least not in an iframe.
There is however an option in oidc-client-js which is called
signinPopupCallback. A popup should not be limited in the way the iframe
is. I haven't yet used it myself, but you can check out the wiki
<https://github.com/IdentityModel/oidc-client-js/wiki> at oidc-client to
see if this helps you. If you look at the code for processSilentRenew() (
code
<https://github.com/maxmantz/redux-oidc/blob/master/src/helpers/processSilentRenew.js>)
you can see that you just have to replace one method call in your
silent_renew.html file to make this work.
Hope this helps. Good luck!
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#29 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AACa5VYn3nkc4JnmF67gUOgm3nQQSBvTks5rjaFsgaJpZM4MV0xv>
.
from redux-oidc.
maxmantz
commented on September 28, 2024
No problem. Have a closer look at the SO link I've provided. It shows that the option is sent via a HTTP response header. I'm sure there must be a simple way to fix this on domain2.com - maybe even simpler than changing the renew mechanism to a popup, which in itself can cause problems with popup blockers.
from redux-oidc.
theirishpenguin
commented on September 28, 2024
Thanks for the followup. However I think browsers such as Chrome don't
support ALLOW-FROM with X-FRAME-OPTIONS as a security precaution as noted
at http://stackoverflow.com/a/14893931 (which surprisingly no one mentioned
in the SO link you posted). I tried the x-frame-options anyway and it
didn't work for me.
…On Tue, Mar 7, 2017, 6:36 PM Maximilian Mantz ***@***.***> wrote:
No problem. Have a closer look at the SO link I've provided. It shows that
the option is sent via a HTTP response header. I'm sure there must be a
simple way to fix this on domain2.com - maybe even simpler than changing
the renew mechanism to a popup.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#29 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AACa5eKeFFWubBdqjwS8Mmj_CcPXuzT4ks5rjaPAgaJpZM4MV0xv>
.
from redux-oidc.
maxmantz
commented on September 28, 2024
This may be true for ALLOW-FROM but the post also suggests removing this response header entirely. Is that not an option?
from redux-oidc.
theirishpenguin
commented on September 28, 2024
I will investigate and look into the security implications. Thanks!
…On Tue, Mar 7, 2017, 6:46 PM Maximilian Mantz ***@***.***> wrote:
This may be true for ALLOW-FROM but the post also suggests removing this
response header entirely. Is that not an option?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#29 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AACa5SdlTgKja1ludCDM_Tav3vzM1yHxks5rjaYVgaJpZM4MV0xv>
.
from redux-oidc.
maxmantz
commented on September 28, 2024
Were you able to solve this?
from redux-oidc.
theirishpenguin
commented on September 28, 2024
Hi @maxmantz I've just looked at removing the response header entirely and it works. So that is definitely a potential option. Thanks a million for your help! You can close this issue if you like now.
from redux-oidc.
maxmantz
commented on September 28, 2024
Happy to help!
from redux-oidc.
Related Issues (20)
- LOADING_USER called multiple times from my reducers
- User signed out when calling silent renew HOT 1
- access_token is undefined in user object HOT 1
- user State is not getting maintained between browser tabs HOT 2
- Error when automatically trying to reauthenticate HOT 1
- Using the library with authorization code + PKCE HOT 1
- How to store the auth token in a cookie called 'token'? HOT 1
- Passing runtime configuration to UserManager HOT 1
- On redirect, LOADING_USER and USER_EXPIRED fires just before USER_FOUND HOT 1
- errorCallback called right after successCallback in Google Chrome and Edge HOT 5
- Redux state changed to Loading_user , User_Expired, User_found HOT 1
- Update UserManager authority after creation? HOT 1
- Google OAuth: Refresh token not present in token response HOT 7
- Passing state from signinRedirect to successCallback
- Manually update the oidcUser object with extra info
- Multiple-Apps-And-One-IdentityServer
- React js version 18 typescripts issue HOT 4
- Switch oidc-client to oidc-client-ts HOT 1
- redux-oidc(4.0.0-beta1) onSuccessCallback - redirect is not working HOT 1
- Support for React 18? HOT 17
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from redux-oidc.