Matt
a2e1067432
CRITICAL FIX: Resolve SSO login endless loading and CORS errors ## Issues Resolved: ### 1. CORS Policy Violations - Disabled checkLoginIframe (causes cross-origin iframe errors) - Removed silentCheckSsoRedirectUri (blocked by modern browsers) - Disabled checkLoginIframeInterval to prevent 3rd party cookie checks ### 2. Cross-Domain Compatibility - Set responseMode to 'query' for better proxy compatibility - Configured standard flow instead of implicit - Added proper timeout handling (messageReceiveTimeout: 10000) - Enhanced debug logging for troubleshooting ### 3. Redirect URI Consistency - Fixed login() to use proper baseUrl for redirect URIs - Ensures HTTPS URLs in production environment - Consistent URL generation across initialization and login ### 4. Browser Security Compliance - Disabled enableLogging to reduce console noise - Removed iframe-based features that modern browsers block - Maintained PKCE (S256) for security while fixing compatibility ## Technical Details: The previous errors were caused by Keycloak trying to use: - /protocol/openid-connect/3p-cookies/step1.html - /protocol/openid-connect/login-status-iframe.html These are blocked by browsers' cross-origin policies when the app and Keycloak are on different domains (client.portnimara.dev vs auth.portnimara.dev). This fix disables these problematic features while maintaining full OAuth functionality and security. The SSO login should now work without endless loading issues. |
||
|---|---|---|
| .. | ||
| useKeycloak.ts | ||
| usePWA.ts | ||
| usePortalTags.ts | ||
| useToast.ts | ||
| useUnifiedAuth.ts | ||