

fix: remove the iFrame Silent Refresh from the default checkSession b…
…ecause of Cross Domain issues with the iFrames. Added TODO to investigate and pick up later. For now the functionality is turned off because it is just inconvenient, not blocking.
Kevin Riemens committed Dec 12, 2022
1 parent 08fe9e2 commit 083bb3f
Showing 2 changed files with 17 additions and 20 deletions.
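--- a/src/flows/implicit-flow/implicit-flow.ts
+++ b/src/flows/implicit-flow/implicit-flow.ts
@@ -106,22 +106,23 @@ export async function implicitFlow(
 }
 
 // 4. get the auth result from a silent refresh
-const authResultFromSilentRefresh = await silentRefresh(
-authValidationOptions,
-).catch(() => null);
-if (authResultFromSilentRefresh) {
-if (await isValidNewAuthResult(authResultFromSilentRefresh)) {
-storeAuthResult(authResultFromSilentRefresh);
-if (
-isValidStoredAuthResult(
-authResultFromSilentRefresh,
-authValidationOptions?.extraAuthFilters || [],
-)
-) {
-return authResultFromSilentRefresh;
-}
-}
-}
+// TODO: Reenable this once we find a way to Catch the `ERROR DOMException: Blocked a frame with origin 'origin'` error.
+// const authResultFromSilentRefresh = await silentRefresh(
+// authValidationOptions,
+// ).catch(() => null);
+// if (authResultFromSilentRefresh) {
+// if (await isValidNewAuthResult(authResultFromSilentRefresh)) {
+// storeAuthResult(authResultFromSilentRefresh);
+// if (
+// isValidStoredAuthResult(
+// authResultFromSilentRefresh,
+// authValidationOptions?.extraAuthFilters || [],
+// )
+// ) {
+// return authResultFromSilentRefresh;
+// }
+// }
+// }
 
 // There is no auth result; try to get one for the next time we call this
 // function, by redirecting to the authorize endpoint.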
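Review bot: The disabled silent-refresh step is left as 16 commented-out lines under a step comment (`// 4. get the auth result from a silent refresh`) that no longer describes anything that runs; dead code like this drifts from the helpers it names, so I would delete it and keep a short marker such as `// 4. (disabled) silent refresh: cross-origin iframe read throws, see loadIframeUrl`. The TODO asks how to catch the `DOMException`, but the existing `.catch(() => null)` only sees promise rejections; the throw most likely comes from the `iFrame.contentWindow.location.href` read inside the load handler in src/utils/iframe.ts, where `try { resolve(iFrame.contentWindow.location.href); } catch (e) { reject(e); }` would turn it into a rejection. With this step off, any call without a valid stored result appears to fall through to the authorize-endpoint redirect below, which is a user-visible behaviour change worth stating in the release notes. implicitFlow's body starts and ends outside the hunk.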
4 changes: 0 additions & 4 deletions src/utils/iframe.ts
Expand Up @@ -47,10 +47,6 @@ export function loadIframeUrl(url: string): Promise<string> {
resolve(iFrame.contentWindow.location.href);
};

iFrame.onerror = () => {
reject('iframe error (possible reasons: COR / CSP / Frame Ancestors / other iFrame security issues');
}

timeout(20000).then(() => {
reject('iFrame rejected');
});
