OAuth login broken with Content Security Policy #24597
Comments
I was just helping someone in Slack with this same problem (they are using Azure OAuth): https://apache-superset.slack.com/archives/C0170U650CQ/p1688525362343059
Thank you for opening this ticket! The source of the problem lies in
(Make sure that Alternatively, you can disable Talisman by setting
Thank you both for your swift replies! I'm glad there's a workaround and a solution on the way.
Thank you for reporting this issue. A fix was done on FAB to support nonces also, currently released in 4.3.4rc1. Hope to publish a final release soon.
FAB 4.3.4 is out and considered a new minor version on Superset |
(Version: latest, docker image: c23d0ee6153e)
The OAuth login button (Google, in my case) does nothing and in the browser console the following error is displayed:
After rolling back to 2.1.0, it appears this could be due to the new nonce attribute added to all the assets (possibly added by this PR). I believe it might have something to do with the extra space around the value. For example, in my case, the HTML looks like this:
How to reproduce the bug
c23d0ee6153e
)/login/
Expected results
Clicking the login button should initiate the OAuth redirect login flow.
Actual results
Nothing happens
Screenshots
Environment
(please complete the following information):
3.9.17
Checklist
Make sure to follow these steps before submitting your issue - thank you!
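A way to check a rendered login page against its Content-Security-Policy header when triaging a report like this one. This is an added example, not code from Superset or Flask-AppBuilder; the function names, the statuses and the sample header and HTML are constructed for illustration. The "padded" status only flags a nonce that matches after trimming whitespace and makes no claim about how a browser treats it.

```python
from html.parser import HTMLParser

def csp_script_nonces(csp_header):
    """Return the nonces a CSP header value allows for script elements."""
    directives = {}
    for part in csp_header.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    # Script elements are governed by the first of these directives present.
    for name in ("script-src-elem", "script-src", "default-src"):
        if name in directives:
            sources = directives[name]
            break
    else:
        return set()
    return {s[len("'nonce-"):-1] for s in sources
            if s.lower().startswith("'nonce-") and s.endswith("'")}

class ScriptAudit(HTMLParser):
    """Record one (line, status) finding per inline <script> element."""
    def __init__(self, allowed):
        super().__init__()
        self.allowed = allowed
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag != "script" or "src" in attrs:
            return  # external scripts may be allowed by host source instead
        nonce = attrs.get("nonce")
        if nonce is None:
            status = "missing"   # template emits no nonce at all
        elif nonce in self.allowed:
            status = "ok"
        elif nonce.strip() in self.allowed:
            status = "padded"    # equal only after trimming whitespace
        else:
            status = "mismatch"  # e.g. cached page with an old nonce
        self.findings.append((self.getpos()[0], status))

def audit(csp_header, html):
    parser = ScriptAudit(csp_script_nonces(csp_header))
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample data, not taken from the issue.
SAMPLE_CSP = "default-src 'self'; script-src 'self' 'nonce-abc123'"
SAMPLE_HTML = ('<script nonce="abc123">var a;</script>\n<script nonce=" abc123 ">var b;</script>\n'
               '<script>var c;</script>\n<script nonce="stale">var d;</script>\n<script src="/app.js"></script>')
```

Feed it the `Content-Security-Policy` response header and the body of the same response; any status other than "ok" marks an inline script to check against the policy.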