window.opener is null in oauth2-redirect.html #8030
Comments
Hi! My team and I are also affected by this issue; the only solution is to remove the helmet middleware. But that is not the best solution for the problem 🙈
Hi again! We figured it out.

```js
app.use(
  helmet({
    contentSecurityPolicy: {
      directives: {
        ...helmet.contentSecurityPolicy.getDefaultDirectives(),
        // 'self' plus the hash of the inline script provided by swagger
        'script-src': [ '\'self\'', '\'sha256-g6TK8Crx7YtGVUN10j0q8wD3cvwyzlvBMzQx4UjBPg4=\'' ],
        // 'self' plus the URL used for fetching a new token
        'connect-src': [
          '\'self\'',
          `<YOUR_TOKEN_ENDPOINT>`,
        ],
      },
    },
    crossOriginOpenerPolicy: {
      policy: 'unsafe-none',
    },
  }),
);
```

The SHA hash is for explicitly allowing only the inline script provided by swagger; this hash may not work for you and will change if swagger changes the script in a future update. Then insert the URL used for fetching a new token. It is also a good idea to pin all the swagger-related dependencies to a given version in your project.
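Because the pinned hash stops matching whenever the inline script changes, it can be recomputed from the served HTML rather than copied by hand. The following is an added example, not code from this thread or from swagger-ui; the function names and the sample page are constructed for illustration.

```javascript
// Added example: recompute CSP 'sha256-...' sources for a page's inline scripts.
const { createHash } = require('node:crypto');

// Text of every inline <script> (no src attribute) in an HTML string.
function inlineScripts(html) {
  const found = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (/\bsrc\s*=/i.test(m[1])) continue; // external: matched by 'self' or host sources
    found.push(m[2]);
  }
  return found;
}

// The browser hashes the element's text byte-for-byte (UTF-8), whitespace included.
function cspHash(scriptText, algo = 'sha256') {
  const digest = createHash(algo).update(scriptText, 'utf8').digest('base64');
  return `'${algo}-${digest}'`;
}

function scriptSrcHashes(html) {
  return inlineScripts(html).map((text) => cspHash(text));
}

// True while the hash pinned in the helmet config still matches the served page.
function pinnedHashStillValid(html, pinned) {
  return scriptSrcHashes(html).includes(pinned);
}

// Constructed sample page, standing in for the file your server actually serves.
const SAMPLE_HTML = `<!doctype html>
<html><body>
<script src="/static/app.js"></script>
<script>
  'use strict';
  window.opener && window.opener.postMessage('done', location.origin);
</script>
</body></html>`;

const current = scriptSrcHashes(SAMPLE_HTML);
console.log('script-src hashes:', current);
console.log('pinned still valid:', pinnedHashStillValid(SAMPLE_HTML, current[0]));
```

Regex extraction is adequate for a small, known static file; running `pinnedHashStillValid` in CI after a dependency upgrade makes a changed inline script fail the build instead of the login flow.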
@MiniMarker you legend. Nice one, thanks for the update I’ll try this out
@MiniMarker looks like this is not working for me, I get a different error now - it says my root
Edit: turns out the not found error was because I had used the wrong token endpoint. After following your advice, all is working now perfectly in our staging environment and locally. Nice one!
I have read all previously closed issues relating to this subject, but most answers are not very detailed.
I am using @nestjs/swagger for my swagger-ui.
Here is what my setup looks like
When I click "Authorize"
I can log in via my provider (cognito), and it successfully puts the `code` into the URL, but my oauth2-redirect.html page throws the following error:
I have tested on Firefox and Chrome, same issue.
Any help with this would be really appreciated