'cross-origin-opener-policy: same-origin' Header from login prevents OAuth flow from within popup. | The place for Zendesk users to come together and share
Skip to main content
Question

'cross-origin-opener-policy: same-origin' Header from login prevents OAuth flow from within popup.

  • June 18, 2024
  • 1 reply
  • 9 views
T

When opening a popup window and directing the user towards OAuth, the OAuth service redirects the user to the identity provider (/login page). This login page responds with a header 'cross-origin-opener-policy: same-origin'  which causes the browser to block the document loading.

1 reply

T
  • tyler20
  • Author
  • June 20, 2024

This article section describes the exact issue https://web.dev/articles/coop-coep?utm_source=devtools#integrate_coop_and_coep specifically warning that adding this header will break cross origin window oauth interactions. Please adjust your headers accordingly

Terms & ConditionsCookie settingsAccessibility statement