Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
got the error when used setupAutomaticSilentRefresh()
See original GitHub issueRefused to display 'https://**{{IdentityServer}}**/home/error?errorId=CfDJ8DLSMNqY00xHkAbv6cRcv1FnIVWROeaevqLmTAeLxD1HYyg8pYtUaBN4tWmXmfmkEwnTuVy86SH1nTDFTGF7_kCM3PgonNYOBy-hYFnv3_VDtl1uMZaS7-fEUON9I5pWX6XBW13qy54SEspMWCFZwNG-aDheXR1SrKLRTOSSEnzclxhfGfMWLvZ6VVl4TAzSKfMBFm3dif5OVFdnGGuruD0u-46Daj-LTx_gqb2HX-iMUld_9CtCt9PA0boobxB41Buz-fni47UV6WdQjFkoIG9bPnVkBCw-u3aO_ew5IDyR7kiw1fLXYHb7DRuulS4QKA' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors ‘none’
Followed exactly same example on the documentation but got this error. Do I need to do something else?
Issue Analytics
- State:
- Created 5 years ago
- Comments:5
Top Results From Across the Web
Silent Refresh - angular-oauth2-oidc
To refresh your tokens when using implicit flow you can use a silent refresh. ... It uses a hidden iframe to get another...
Read more >SPA Client (Authz Code with PKCE) - openid-connect-workshop
setupAutomaticSilentRefresh() is used to enable background refreshing of the tokens once they exceed a percentage of their maximum lifetime.
Read more >Silent Refresh - Refreshing Access Tokens when using the ...
OAuth recommendations for browser-based client applications have since evolved from the implicit flow to authorization code flow with PKCE. The ...
Read more >Silent refresh is not working in angular oauth oidc
One option that might work is to use refresh tokens instead, ... can potentially exploit it on their own hidden iframe and get...
Read more >angular-oauth2-oidc - Bountysource
Method loadDiscoveryDocumentAndTryLogin() always resolves to true for code flow, ... I have an error when I started my angular using oauth2-oidc, ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@jeroenheijmans Yep you’re right. I had set up the right config I just can’t spell for the life of me. Turns out my redirectUris did not match(misspelled) what was needed for proper silent refresh. Updated the config and it worked. What helped was setting
silentRefreshShowIFrame: trueso that I could check the src of the frame which led me to checking the config. Super useful! Thanks!I’m not the OP, but could hazard a guess. The
frame-ancestorsCSP means that your browser hears from the Identity Server that it only should be iframed inside websites served from specific origins.It’s likely not something you can fix in (usage) of this Angular Library, but something you should configure in your Identity Server. Configure the hosts that are allowed to serve it in an iframe according to the docs of your IDS (e.g.
http://localhost:4200and any production host that would serve your Angular application).