Authentication failed because the document is sandbox and lack of allow-same-origin #6235

Closed
theogumilang opened this issue Jul 13, 2023 · 6 comments
Labels: bug-unconfirmed, msal-browser, msal-react, Needs: Author Feedback, no-issue-activity, public-client, question

@theogumilang

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

1.5.9

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

None

Public or Confidential Client?

Public

Description

I tried to embed our web app in an iframe that has the sandbox property. After we embed our web app, I can't authenticate: after login, the pop-up will be blank and not be closed.

This is the error we got
Uncaught DOMException: Failed to read the 'cookie' property from 'Document': The document is sandboxed and lacks the 'allow-same-origin' flag.

Error Message

Uncaught DOMException: Failed to read the 'cookie' property from 'Document': The document is sandboxed and lacks the 'allow-same-origin' flag.

Msal Logs

No response

MSAL Configuration

```javascript
export const msalConfig = {
    auth: {
        clientId: clientId,
        authority: `https://login.microsoftonline.com/${tenantId}`,
        redirectUri: "/",
        postLogoutRedirectUri: "/"
    },
    cache: {
        cacheLocation: "localStorage", // This configures where your cache will be stored
        storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
    },
    system: {
        windowHashTimeout: 59000, // Applies just to popup calls - In milliseconds
        iframeHashTimeout: 59000, // Applies just to silent calls - In milliseconds
        loadFrameTimeout: 59000 // Applies to both silent and popup calls - In milliseconds
    }
};
```

Relevant Code Snippets

```jsx
<MsalProvider instance={msalInstance}>
    <AuthenticatedTemplate>
        <div className="App">
            <Routes>
                <Route exact path="/" element={<SideBar />} />
                <Route path="/Onlydashboard" element={<Dashboard />} />
                <Route path="/DetailsCreateRequestAttendanceOnly" element={<DetailsCreateRequestAttendance />} />
                <Route path="/DetailsCreateClaimbenefitOnly" element={<DetailsCreateClaimBenefit />} />
                <Route path="/DetailsClaimBenefitOnly" element={<DetailsClaimBenefit />} />
                <Route path="/ApproveRejectAttendanceOnly" element={<ApproveRejectAttendance />} />
            </Routes>
            <SideBar></SideBar>
        </div>
    </AuthenticatedTemplate>
    <UnauthenticatedTemplate>
        <span>Only unauthenticated users can see me.</span>
    </UnauthenticatedTemplate>
    <MsalAuthenticationTemplate interactionType={InteractionType.Popup}
        authenticationRequest={request}>
    </MsalAuthenticationTemplate>
</MsalProvider>
```

Reproduction Steps

  1. Use Pop up authentication
  2. Create Iframe with this property sandbox="allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox"
  3. Login.

Expected Behavior

The pop-up will not be closed and blank

Identity Provider

Azure AD / MSA

Browsers Affected (Select all that apply)

Chrome

Regression

No response

Source

External (Customer)

@lalimasharda
Contributor

Hey @theogumilang! I am not very familiar with sandboxing iframes, but after reading a bit on this topic, does adding the allow-same-origin flag to your sandbox property work for you?

@microsoft-github-policy-service
Contributor

@theogumilang This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.

@theogumilang
Author

> Hey @theogumilang! I am not very familiar with sandboxing iframes, but after reading a bit on this topic, does adding the allow-same-origin flag to your sandbox property work for you?

Yes, after adding those properties, it will work properly.

@microsoft-github-policy-service
Contributor

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @lalimasharda please follow up.

@lalimasharda
Contributor

Hey @theogumilang, is this issue resolved now?
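
Added example (not part of the issue thread and not MSAL.js code): a small audit of an iframe `sandbox` value together with a runtime probe the embedded app can run before starting login, showing why the reported value fails and what adding `allow-same-origin` trades away. `auditSandbox` and `canUseOriginState` are hypothetical helper names, and whether the embed shares the parent's origin is an assumed input.

```javascript
// Hypothetical helpers for illustration; not part of @azure/msal-browser.

// Parse a sandbox attribute value and report what it means for an embedded
// app that keeps auth state in cookies or localStorage.
function auditSandbox(sandboxValue, embedIsSameOriginAsParent) {
  const tokens = new Set(
    String(sandboxValue).toLowerCase().split(/\s+/).filter(Boolean)
  );
  const findings = [];
  // Without allow-same-origin the framed document gets an opaque origin.
  const opaqueOrigin = !tokens.has("allow-same-origin");
  if (opaqueOrigin) {
    findings.push("opaque origin: document.cookie and localStorage throw SecurityError");
  }
  // Per the HTML spec, this combination lets a same-origin embed remove
  // the sandbox attribute from its own frame and reload unsandboxed.
  if (tokens.has("allow-scripts") && tokens.has("allow-same-origin") &&
      embedIsSameOriginAsParent) {
    findings.push("same-origin embed with allow-scripts + allow-same-origin can remove its own sandbox");
  }
  // Popups inherit sandbox flags unless explicitly allowed to escape.
  if (tokens.has("allow-popups") && !tokens.has("allow-popups-to-escape-sandbox")) {
    findings.push("popups inherit the sandbox, so a login popup gets the same restrictions");
  }
  return { opaqueOrigin, findings };
}

// Runtime probe for the embedded app. document/window are parameters so the
// check can also be exercised outside a browser.
function canUseOriginState(doc, win) {
  try {
    void doc.cookie;        // throws in a sandboxed, opaque-origin document
    void win.localStorage;  // Web Storage is blocked the same way
    return true;
  } catch (err) {
    return false;
  }
}

// Sandbox value from the reproduction steps; cross-origin embed is assumed.
const reported = auditSandbox(
  "allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox", false);
console.log(reported.findings);
```

If the probe returns false, the app can show an explicit "embedding not supported" message instead of leaving a blank popup. Adding `allow-same-origin` is the lower-risk fix only when the framed app is served from a different origin than the embedding page.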
