You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
I have discovered that one needs to configure frame-src 'self' localhost:PORT domain.ext; frame-ancestors 'self' localhost:PORT domain.ext; object-src 'self' localhost:PORT domain.ext; in Keycloak admin at Security Defenses in the realm.
Otherwise the iframe will fail with ...because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
This only reproduced when I changed the token manually and tried to refresh the page to check if it would log out. I also had to add keycloak.clearToken() to the .catch in the init to fix this because Keycloak will return 404 if you try to authenticate with an invalid token.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello,
I have discovered that one needs to configure
frame-src 'self' localhost:PORT domain.ext; frame-ancestors 'self' localhost:PORT domain.ext; object-src 'self' localhost:PORT domain.ext;in Keycloak admin at Security Defenses in the realm.Otherwise the iframe will fail with
...because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".This only reproduced when I changed the token manually and tried to refresh the page to check if it would log out. I also had to add keycloak.clearToken() to the .catch in the init to fix this because Keycloak will return 404 if you try to authenticate with an invalid token.
Beta Was this translation helpful? Give feedback.
All reactions