Closed koo9 closed 4 years ago
Hi @koo9
This is the security settings on the server blocking your request. You need the server to update its CSP to remove the none and add your client domain.
Greetings Damien
@damienbod here's the CSP for IDP.

```csharp
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
// also consider adding upgrade-insecure-requests once you have HTTPS in place for production
//csp += "upgrade-insecure-requests;";
// also an example if you need client images to be displayed from twitter
// csp += "img-src 'self' https://pbs.twimg.com;";

// once for standards compliant browsers
if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
{
    context.HttpContext.Response.Headers.Add("Content-Security-Policy", csp);
}
// and once again for IE
if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
{
    context.HttpContext.Response.Headers.Add("X-Content-Security-Policy", csp);
}
```
Where to add the client domain?
I am running the sample ids, which has the same CSP; it works, but not my own ids.
Update:
When pointing to the ids that works for the auth code flow sample, I still got the same CSP error, so it might be something from the client that creates the hidden iframe, but I couldn't find anything related to creating the iframe.
You could do it something like this (using NWebSec)
@damienbod thx will take a look.
It seems like it's the issue with the silent-renew.html. After correcting that, the silent renew works! No changes made on the IDS side.
@koo9 I am having the same issue. How did you end up correcting this? I see you mentioned "it's the issue with the silent-renew.html". What exactly did you fix in that file? Do you mind explaining a little further? I am kind of stuck on this problem.
Thank You
@bsheriff it's the path to silent-renew.html. Make sure the path is correct.
@koo9 thanks for the quick response, but I am still a bit confused. Do you mind being a bit more specific on what you mean by "path"? I updated the silent-renew.html file based on what the documentation had said.
The path is the correct URL to silent-renew.html. I made a mistake by pointing to a wrong URL.
hi
Getting this error when it's doing silent renew:
Refused to display 'https://localhost:44385/home/error?errorId=CfDJ8AYyttD0Yl1Ov-y-FXDxH2P0-9pJ7-hxGDRwVsYkW9mKghhtH4dKfFden02ijH3Eu4B2_VDtolE1uqrXP21U0XIIGWfghozg13BdafBBkeP465RynRvD-rQ_onqkW0kdgZYNyo2QlDaTLHGr-_BSYACM1SJZpMGWdNBQ-MzZq_xUmB6SBOtJ_FlSsYqtL0iYfbcBNgl9kHbfqhEzWPK1zweXn3gslZ743qVf0kZtQP_qCh4uQC02CygBO_889O-CIgAG7oDGIJouwKEwWuKtX-RY2RjfNZvgsvOtZFly_atUsNiG6NwYBVdLn-HDUnRWiw' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
what could cause this?
Thx
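
A way to read the error message above, as an added example that is not part of the original thread or of either project's code: it evaluates `frame-ancestors` for the document named in the browser error and reports which side produced that document. `CLIENT_ORIGIN`, the `PLACEHOLDER` error id and all function names are constructed for illustration; the CSP string and the IdP origin are the ones quoted in the thread.

```javascript
// Added example. CLIENT_ORIGIN is a constructed value; the CSP string and the
// IdP origin are the ones quoted in the thread.
const IDP_CSP = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; " +
  "sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
const IDP_ORIGIN = 'https://localhost:44385';
const CLIENT_ORIGIN = 'https://localhost:4200'; // constructed

// Return the source list of frame-ancestors, or null if the directive is absent.
function frameAncestors(csp) {
  for (const part of csp.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// May a page at ancestorOrigin embed framedUrl under this policy?
// Handles 'none', 'self', * and exact origins; host wildcards and
// scheme-only sources are not handled here.
function ancestorAllowed(csp, framedUrl, ancestorOrigin) {
  const sources = frameAncestors(csp);
  if (sources === null) return true; // CSP does not restrict framing
  const self = new URL(framedUrl).origin;
  return sources.some((s) => {
    if (s === "'none'") return false;
    if (s === "'self'") return ancestorOrigin === self;
    return s === '*' || s === ancestorOrigin;
  });
}

// Classify a "Refused to display ... in a frame" report seen during silent renew.
function explainBlockedFrame(blockedUrl, csp, ancestorOrigin) {
  const framed = new URL(blockedUrl);
  if (ancestorAllowed(csp, blockedUrl, ancestorOrigin)) return 'not blocked by frame-ancestors';
  // Assumption: a blocked document on the IdP origin means the IdP rendered one
  // of its own pages in the iframe instead of redirecting back to the client.
  return framed.origin === IDP_ORIGIN
    ? `IdP page ${framed.pathname} was framed: check the silent-renew URL the client sends`
    : 'client page was framed by a disallowed ancestor';
}

console.log(explainBlockedFrame(`${IDP_ORIGIN}/home/error?errorId=PLACEHOLDER`, IDP_CSP, CLIENT_ORIGIN));
```

Here the blocked document is the IdP's own `/home/error` page, which matches the resolution reported in the thread: the client was pointing to a wrong silent-renew.html URL and no CSP change was made on the IDS side.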