Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Content Security Policy Issue #7178

Closed
2 tasks
alanlong9278 opened this issue Jun 27, 2024 · 1 comment
Closed
2 tasks

Content Security Policy Issue #7178

alanlong9278 opened this issue Jun 27, 2024 · 1 comment
Labels
b2c Related to Azure B2C library-specific issues bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-browser Related to msal-browser package msal-react Related to @azure/msal-react public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Comments

@alanlong9278
Copy link

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.17.0

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

2.0.19

Public or Confidential Client?

Public

Description

When call instance.loginPopup it throw these errors:

 msalIns
      .loginPopup(loginRequest)
      .then(res => {
        msalInstance.setActiveAccount(res.account);
      })
      .catch(e => {
        console.error(e);  // here
      });

and the 3 errors in the console log
image

Error Message

MSAL Logs

No response

Network Trace (Preferrably Fiddler)

  • Sent
  • Pending

MSAL Configuration

{
  auth: {
    clientId: 'b7284c77-5d56-4b47-a073-2ec5390624b',
    authority: `https://login.microsoftonline.com/05d75c05-fa1a-42e7-9cf1-eb416c396f2d`,
    // Full redirect URL, in form of http://localhost:3000
    redirectUri: "http://localhost:3000/unauthorized",
  },
  cache: {
    cacheLocation: "localStorage", // This configures where your cache will be stored
    storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
  },
  system: {
    allowNativeBroker: false, // Disables WAM Broker
    loggerOptions: {
      loggerCallback: (level, message, containsPii) => {
        if (containsPii) {
          return;
        }
        if (!window.showMsalLog) {
          return;
        }
        switch (level) {
          case LogLevel.Error:
            console.error(message);
            return;
          case LogLevel.Info:
            return;
          case LogLevel.Verbose:
            return;
          case LogLevel.Warning:
            console.warn(message);
            return;
          default:
            return;
        }
      },
    },
  },
}

Relevant Code Snippets

import { useMsal } from "@azure/msal-react";
import { useMemo } from "react";
import { t } from "ttag";
import * as Yup from "yup";

import FormCheckBox from "metabase/core/components/FormCheckBox";
import FormErrorMessage from "metabase/core/components/FormErrorMessage";
import FormInput from "metabase/core/components/FormInput";
import FormSubmitButton from "metabase/core/components/FormSubmitButton";
import { Form, FormProvider } from "metabase/forms";
import * as Errors from "metabase/lib/errors";
import { loginRequest, msalInstance } from "metabase/msal-auth";
import { Button } from "metabase/ui";

import type { LoginData } from "../../types";

const LOGIN_SCHEMA = Yup.object().shape({
  username: Yup.string()
    .required(Errors.required)
    .when("$isLdapEnabled", {
      is: false,
      then: schema => schema.email(Errors.email),
    }),
  password: Yup.string().required(Errors.required),
  remember: Yup.boolean(),
});

interface LoginFormProps {
  isLdapEnabled: boolean;
  hasSessionCookies: boolean;
  onSubmit: (data: LoginData) => void;
}

export const LoginForm = ({
  isLdapEnabled,
  hasSessionCookies,
  onSubmit,
}: LoginFormProps): JSX.Element => {
  const initialValues = useMemo(
    () => ({
      username: "",
      password: "",
      remember: !hasSessionCookies,
    }),
    [hasSessionCookies],
  );

  const validationContext = useMemo(
    () => ({
      isLdapEnabled,
    }),
    [isLdapEnabled],
  );

  const { instance: msalIns } = useMsal();
  const onLogin = () => {
    msalIns
      .loginPopup(loginRequest)
      .then(res => {
        msalInstance.setActiveAccount(res.account);
      })
      .catch(e => {
        console.error(e);
      });
  };

  return (
    
        
        <Button style={{ margin: "1rem 1rem" }} onClick={onLogin}>
          Sign in with SSO
        </Button>
        
   
  );
};

Reproduction Steps

  1. Click Sign in with SSO button
  2. input azure account and password
  3. popup the err
  4. Click again, the popup will be closed automatically

Expected Behavior

authorized successfully and dont throw error msg

Identity Provider

Azure B2C Basic Policy

Browsers Affected (Select all that apply)

Chrome

Regression

No response

Source

External (Customer)
@alanlong9278 alanlong9278 added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Jun 27, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Jun 27, 2024
@github-actions github-actions bot added b2c Related to Azure B2C library-specific issues msal-browser Related to msal-browser package msal-react Related to @azure/msal-react public-client Issues regarding PublicClientApplications labels Jun 27, 2024
@tnorling
Copy link
Collaborator

You will need to allow connection to login.microsoftonline.com in your CSP and this should resolve itself.

@microsoft-github-policy-service microsoft-github-policy-service bot removed the Needs: Attention 👋 Awaiting response from the MSAL.js team label Jul 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
b2c Related to Azure B2C library-specific issues bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-browser Related to msal-browser package msal-react Related to @azure/msal-react public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tnorling @alanlong9278