Oidc-client-js: Failed to execute 'postMessage' on 'DOMWindow':

Created on 30 Nov 2017 · 6 Comments · Source: IdentityModel/oidc-client-js

Hey,

I have just added your lib to a React / Redux app that is consuming ID Server 3 for authentication.

I have everything working as expected; however, my browser console is filling with errors:
oidc-client.min.js?93dc:75 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('http://localhost') does not match the recipient window's origin ('null').

I do not want silent renew on, nor do I need the lib to keep checking the state of the session. I thought disabling silent renew would prevent this?

All 6 comments

Are you building a native/installed app (as opposed to a browser based app)? And by native/installed, that includes cordova, electron, and/or ionic.

Hey Brock,

It's a browser based app. React / Redux running in the browser. Chrome / FF and IE all show the same message in the console.

I've attached a SS of the line highlighted by the Chrome console

Could this be related to my ID Server running under http on localhost? Does the OIDC client try to render iFrame using https?

Is it possible to prevent this iFrame from being rendered? We are migrating from an Angular App to a React App and our Angular App does not use this iFrame, however it uses a custom service to interact with ID Server. We are keen now to use the recommended lib going forward.

I guess what I'm puzzled by is that this is working from our normal samples... so something's not right about your setup or environment.

@brockallen Same error for me (I use this lib with Vue).

I'm facing the same issue.
I'm using Angular 5. Both the SPA and OP are using https.

After reading issue #225, I've come to the conclusion that this error was happening to me due to a previous error:

Refused to display 'https://mydomain.com/connect/checksession' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

This was happening because my Nginx reverse proxy was adding the header X-Frame-Options to the response.

After disabling this on the Nginx server, both the errors disappeared. The one I mentioned in this comment and the one in the title of the issue.
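
The fix from the last comment, narrowed so that framing is allowed only for the check session endpoint and only from the client's origin, while every other page behind the proxy keeps `X-Frame-Options`. This is an added example, not part of the original thread or the project's code; the host names, certificate paths, upstream address and client origin are placeholders, and it assumes the header is added by Nginx (as in the comment) rather than by the upstream.

```nginx
# Added example. idp.example.com, app.example.com, the certificate paths and
# the upstream address are placeholders, not values from the thread.
server {
    listen 443 ssl;
    server_name idp.example.com;
    ssl_certificate     /etc/nginx/tls/idp.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/idp.example.com.key;

    # Default for everything served through the proxy (login, consent, ...):
    # refuse cross-origin framing.
    add_header X-Frame-Options "SAMEORIGIN" always;

    location / {
        proxy_pass http://127.0.0.1:5000;
    }

    # The client loads the check session endpoint in a hidden iframe, so this
    # one path has to be frameable from the client's origin.
    # add_header directives are inherited from the outer level only when the
    # current level defines none; declaring one here means the server-level
    # X-Frame-Options is not sent for this location.
    location = /connect/checksession {
        add_header Content-Security-Policy "frame-ancestors https://app.example.com" always;
        proxy_pass http://127.0.0.1:5000;
    }
}
```

Running `curl -sI https://idp.example.com/connect/checksession` against the proxy should show the `Content-Security-Policy` header and no `X-Frame-Options`, while any other path still returns `X-Frame-Options: SAMEORIGIN`.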
