Open idan-weiss opened 1 year ago
Thank you for your contribution to OneDrive API Docs. We will be triaging your incoming issue as soon as possible.
We experience the exact same issue. Feels like some kind of race condition.
Using Incognito mode in Chrome will result in errors
Uncaught (in promise) DOMException: Failed to read the 'localStorage' property from 'Window': Access is denied for this document.
t.odsp-common.js
code: "SecurityError" message: "Failed to read the 'localStorage' property from 'Window': Access is denied for this document." notification: "page-loaded"
We're also experiencing this same problem
Hi, anything new?
We're also experiencing this same problem
We are also experiencing this. Is there any solution?
@idan-weiss (or anyone else in this thread actually): You said "After reading this issue - https://github.com/OneDrive/onedrive-api-docs/issues/1621 , I made sure that my audience in the token is indeed correct".
Did you have to do anything when retrieving the token (e.g. in the call to msal's acquireTokenSilent or loginPopup) to set the audience value? I'm unclear how this is set. Right now if I inspect the JWT access token the payload.aud value is a UUID with a whole bunch of zeros, so I'm assuming that's my problem, I just am unclear how to fix it.
Category
Expected or Desired Behavior
Not have CSP and X-Frame-Options headers in the response
Observed Behavior
Hi! I'm working with the File Picker v8 in an iframe, and sometimes when initiating the picker by making a request to https://<TENANT_NAME>-my.sharepoint.com/_layouts/15/FilePicker.aspx the server returns the CSP and the X-Frame-Options headers, which result in the error Refused to frame 'https://<TENANT_NAME>-my.sharepoint.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com".
After reading this issue - https://github.com/OneDrive/onedrive-api-docs/issues/1621 , I made sure that my audience in the token is indeed correct, and in fact, sometimes I can get a valid response (with no CSP header) and sometimes I get an invalid response (with the CSP header) using the very same access token. Not sure what to do on this one.
Steps to Reproduce
I don't have a way to always reproduce it. It just sometimes happens to me. If you try to load the file picker in an iframe enough times it should be reproduced.
Thank you.
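For anyone diagnosing the framing error reported above, this added example (not part of the thread and not Microsoft's code) shows how a browser evaluates `frame-ancestors` and `X-Frame-Options` against the chain of embedding pages. Assumptions: the tenant `contoso` and host `app.example.com` in the usage are constructed, header names are passed in lowercase, the source list is shortened from the quoted error, and matching is simplified (ports ignored).

```javascript
// Added example. Simplified frame-ancestors matching: handles 'self', 'none',
// * and host sources with an optional scheme; ports are ignored.
const REPORTED_CSP = // source list shortened from the error quoted in the report
  "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com " +
  "*.office.com onedrive.live.com *.onedrive.live.com;";

// Return the frame-ancestors source list, or null when the directive is absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// Does one source expression allow the given ancestor URL?
function sourceAllows(source, ancestor, self) {
  if (source === "'none'") return false;
  if (source === "'self'") return ancestor.origin === self.origin;
  if (source === "*") return true;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && scheme.toLowerCase() + ":" !== ancestor.protocol) return false;
  const name = ancestor.hostname.toLowerCase();
  return host.startsWith("*.")
    ? name.endsWith(host.slice(1).toLowerCase()) // subdomains only, not the apex
    : name === host.toLowerCase();
}

// Every ancestor in the chain must match; X-Frame-Options applies only when
// the response carries no frame-ancestors directive.
function framingDecision(headers, pickerUrl, ancestorUrls) {
  const self = new URL(pickerUrl);
  const ancestors = ancestorUrls.map((u) => new URL(u));
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources) {
    const bad = ancestors.find((a) => !sources.some((s) => sourceAllows(s, a, self)));
    return bad ? `blocked by frame-ancestors: ${bad.origin}` : "allowed";
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "blocked by X-Frame-Options: DENY";
  if (xfo === "SAMEORIGIN" && ancestors.some((a) => a.origin !== self.origin))
    return "blocked by X-Frame-Options: SAMEORIGIN";
  return "allowed";
}
```

Calling `framingDecision({ "content-security-policy": REPORTED_CSP }, "https://contoso-my.sharepoint.com/_layouts/15/FilePicker.aspx", ["https://app.example.com"])` returns the blocked result, while the same call with an empty headers object returns "allowed", which mirrors the two responses described in the report.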