spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

SAML login fails in Chromium based browser even after adding hash in the CSP #16045

Open snpt62 opened 1 week ago

snpt62 commented 1 week ago

SAML login fails in Chromium based browser even after adding hash in the CSP

To Reproduce

1. Set up a system with SAML along with WSO2 as IdP
2. Log in with a Chromium-based browser
3. Login process will be stuck at attempting to submit form data to identity provider

Expected behavior

No JavaScript error should occur but the form should be submitted without any error.

jzheaux commented 1 week ago

Hi, @snpt62, sorry you are having trouble. Your CSP seems to be complaining about JavaScript in WSO2.

The value of the header:

script-src 'self' 'sha256-oZhLbc2kO8b8oaYLrUc7uye1MgVKMyLtPqWR4WtKF+c='

is correctly allowing the Spring Security JavaScript to run; otherwise, it wouldn't have redirected to the WSO2 login page. You might try and change your CSP header to also include the hashes that the error message specifies.

If you still feel it's an issue with Spring Security, can you provide more detail?
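
The hash matching discussed in the comment above, as an added example that is not part of the thread and is not Spring Security or WSO2 code: it computes the `'sha256-…'` source for an inline script and reports which scripts a given `script-src` value would block. The function names and the two sample scripts are assumptions constructed for illustration; sources such as `'strict-dynamic'` are not modelled.

```javascript
// Added example (Node.js): which inline scripts does a script-src hash list permit?
const crypto = require("node:crypto");

// CSP hash source for an inline script: digest of the exact text between
// <script> and </script>, base64-encoded and prefixed with the algorithm.
function cspHash(scriptText, algo = "sha256") {
  const digest = crypto.createHash(algo).update(scriptText, "utf8").digest("base64");
  return `'${algo}-${digest}'`;
}

// Source list that governs scripts: script-src, falling back to default-src.
// When a directive is repeated, only its first occurrence counts.
function scriptSources(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), values);
  }
  return directives.get("script-src") ?? directives.get("default-src") ?? null;
}

// True if the policy lets this inline script run.
function inlineAllowed(policy, scriptText) {
  const sources = scriptSources(policy);
  if (sources === null) return true; // no directive restricts scripts
  for (const algo of ["sha256", "sha384", "sha512"]) {
    if (sources.includes(cspHash(scriptText, algo))) return true;
  }
  // 'unsafe-inline' is ignored by browsers once a hash or nonce is listed
  const hasHashOrNonce = sources.some((s) => /^'(sha(256|384|512)|nonce)-/.test(s));
  return sources.includes("'unsafe-inline'") && !hasHashOrNonce;
}

// Hash sources that would have to be appended for every script to be permitted.
function missingHashes(policy, scripts) {
  return scripts.filter((s) => !inlineAllowed(policy, s)).map((s) => cspHash(s));
}

// Constructed sample scripts, not taken from Spring Security or WSO2.
const autoSubmit = "document.forms[0].submit();";
const otherInline = "window.onload = function () { document.getElementById('f').submit(); };";
const policy = `script-src 'self' ${cspHash(autoSubmit)}`;

console.log(inlineAllowed(policy, autoSubmit));        // script whose hash is listed
console.log(inlineAllowed(policy, autoSubmit + "\n")); // same script plus one newline
console.log(missingHashes(policy, [autoSubmit, otherInline]));
```

Because the digest covers every byte of the script text, a hash copied from one page does not cover a second inline script, or the same script with different whitespace.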

spring-projects-issues commented 1 day ago

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.