bleumink / streamlit-keycloak

User authentication and single sign-on in your Streamlit app using Keycloak
MIT License
62 stars 13 forks source link

Content Security Policy directive: "frame-ancestors 'self' #23

Open jfulem opened 1 year ago

jfulem commented 1 year ago

I have an issue with this implementation. When I sign in I get this error loading the page: Refused to frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'

Have you seen that before? Thanks for any help.

MatsBjerin commented 1 year ago

I have the same issue.

I have added the init_options={"checkLoginIframe": False}, to the config of the module.

But I think the issue lies with the keycloak server running in another domain i.e. not e.g. localhost but an "actual" internet domain. And in iframes, the source must be the same for all parts so that code from one domain cannot access data from another.

So I am hoping it will be ok once I deploy my code to the same system as the keycloak server and thus ensures both items come from the same protocol, domain and port.

jfulem commented 1 year ago

Thanks. It does work.