# support-questions-legacy
i
hi, i have a question. I'm implementing Apple third-party sign-in. The flow works fine and Apple calls my api/auth/callback/apple with response status 200, but the backend doesn't return to my website domain. In the Chrome console I have this error: "Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’“. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-O+xgXnYzZer/Ev6f0GV4Y96/B1k6naW0deebXvwnaXQ=’), or a nonce (‘nonce-...’) is required to enable inline execution." Can you help me?
r
hey!
Do you have JS disabled in Chrome?
i
no
js is not disabled
i'm using "supertokens-node" 9.2.1 on the backend
r
can you disable all browser extensions and try again?
i
ok, i'll try
disabled all the extensions, but the same error
r
So this usually happens only in development mode based on browser settings
I'm not really sure which browser setting causes this issue though
i
app.use(
  helmet({
    crossOriginResourcePolicy: isProduction,
    crossOriginEmbedderPolicy: false,
    contentSecurityPolicy: {
      directives: {
        frameAncestors: [
          'https://*.sporteams.app',
          'http://localhost*',
          'http://*.sporteams.app',
        ],
        frameSrc: [
          'https://*.sporteams.app',
          'http://localhost*',
          'http://*.sporteams.app',
        ],
      },
    },
    frameguard: false,
  }),
);
these are my options for helmet in main.ts
r
ahhh right.
i
could this help?
r
Can you comment out the helmet middleware and see if that solves the issue?
i
ok, i'll try
r
also maybe you can open an issue about this in our node repo on github, that would be great
i
i'm testing if this resolves the error and then i'll open the issue on github 😄
without helmet it works!
r
cool. Even if it does resolve it, we should still make it so that it works with helmet
i
ok 😄