'cross-origin-opener-policy: same-origin' Header from login prevents OAuth flow from within popup. | Community

'cross-origin-opener-policy: same-origin' Header from login prevents OAuth flow from within popup.

  • June 18, 2024
  • 1 reply
  • 0 views

When opening a popup window and directing the user towards OAuth, the OAuth service redirects the user to the identity provider (/login page). This login page responds with a header 'cross-origin-opener-policy: same-origin', which causes the browser to block the document loading.

1 reply

  • Author
  • June 20, 2024

This article section describes the exact issue: https://web.dev/articles/coop-coep?utm_source=devtools#integrate_coop_and_coep It specifically warns that adding this header will break cross-origin window OAuth interactions. Please adjust your headers accordingly.
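
Added example, not part of the original thread: a simplified model of the HTML Standard's COOP check applied to the popup navigation described above, showing which header values on the login response let the popup keep `window.opener`. The hostnames and the helper names (`doc`, `coopMatches`, `popupNavigation`) are constructed for illustration; report-only mode, COEP-coupled values and `noopener-allow-popups` are not modelled.

```javascript
// Simplified model of the HTML Standard's COOP check for a popup's first navigation.
// Not modelled: report-only headers, COEP-coupled values, noopener-allow-popups.
const UNSAFE_NONE = "unsafe-none"; // also the default when the header is absent
const SAME_ORIGIN = "same-origin";
const ALLOW_POPUPS = "same-origin-allow-popups";

const doc = (url, coop = UNSAFE_NONE) => ({ url, origin: new URL(url).origin, coop });

// Two documents can stay in one browsing context group only if their policies match.
function coopMatches(a, b) {
  if (a.coop === UNSAFE_NONE && b.coop === UNSAFE_NONE) return true;
  if (a.coop === UNSAFE_NONE || b.coop === UNSAFE_NONE) return false;
  return a.coop === b.coop && a.origin === b.origin;
}

// opener: the page that calls window.open(); chain: every response the popup
// receives, redirects included. Reports where the popup loses window.opener.
function popupNavigation(opener, chain) {
  // The popup's initial about:blank inherits the opener's origin and COOP.
  let current = opener;
  for (const response of chain) {
    // Exception for popups still on their initial about:blank document.
    const popupException = current.coop === ALLOW_POPUPS && response.coop === UNSAFE_NONE;
    if (!coopMatches(current, response) && !popupException) {
      return { keepsOpener: false, severedAt: response.url };
    }
    current = response;
  }
  return { keepsOpener: true, severedAt: null };
}

// Constructed sample flow: app page -> OAuth service -> identity provider login.
const app = doc("https://app.example/", ALLOW_POPUPS);
const authorize = doc("https://oauth.example/authorize");
const login = (coop) => doc("https://idp.example/login", coop);

for (const coop of [SAME_ORIGIN, ALLOW_POPUPS, UNSAFE_NONE]) {
  console.log(coop, popupNavigation(app, [authorize, login(coop)]));
}
```

In this model, only a login response with `unsafe-none` (or no COOP header) keeps the opener relationship, while the opening page itself can still send `same-origin-allow-popups`.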