On Expiration, Auth Navigation not happing inside IFrame #914
Replies: 1 comment 3 replies
-
Apologies, I did misread it. It's explicitly trying to block navigate. Is IFrame redirect for auth not allowed in spec? |
Beta Was this translation helpful? Give feedback.
3 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm using 2.4.11.3, and am noticing a 401 returned on a page located inside an iframe. The IFrame I'm using in the latest Chrome is sending Sec-Fetch-Mode: navigate and Sec-Fetch-Dest: iframe. Taking a look at oidc_is_auth_capable_request, it looks like it's trying to allow the "navigate" option, but(and I might be misreading the code), it looks like this will always return FALSE, because it's checking for both the navigate option and the document option without an else block and only one or the other can be set in a given request. Can you let me know if I read this right?
Beta Was this translation helpful? Give feedback.
All reactions