Kim T

Reputation: 6416

Safari 'origin is not allowed' blocking AppEngine Identity-aware proxy https://accounts.google.com/o/oauth2/v2/auth

Getting a redirect issue on Safari browser only when trying to load an AppEngine site with Identity-aware proxy enabled. It shows requests being redirected to https://accounts.google.com/o/oauth2/v2/auth but then failing.

Origin is not allowed by Access-Control-Allow-Origin


If I load the url manually in a new tab in Safari I get: AppEngine error code 9.

I'm thinking it's probably to do with Safari's stricter cookie rules; somehow the IAP session cookie is being ignored because it's from another domain?

Upvotes: 0

Views: 329

Answers (1)

Kim T

Reputation: 6416

Safari seems to have stricter CORS rules, which may require additional rules, especially if using AppEngine IAP.

If using <img>, <video>, <link> and <script> tags and loading content from other domains using CORS, you need the crossorigin="use-credentials" attribute to allow the cookie sharing:

<script src="https://example.com/script.js" crossorigin="use-credentials"></script>

https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_settings_attributes

Note: this is less secure.

Angular has a build command which will add the attributes automatically for you:

ng build --prod --crossOrigin=use-credentials

https://angular.io/cli/build#options

Upvotes: 2
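
An added example, not part of the original answer: a simplified model of the browser's CORS check from the Fetch standard, showing which response headers a request made with crossorigin="use-credentials" must receive. The origin https://app.example.com, the helper names and all header values are constructed for illustration.

```javascript
// Added example: simplified model of the browser's CORS check (Fetch standard).
// The origin and all header values below are constructed for illustration.

// A tag with crossorigin="use-credentials" sends cookies cross-origin ("include");
// crossorigin="anonymous" (or an empty value) does not ("same-origin").
function credentialsModeFor(crossoriginAttr) {
  return crossoriginAttr === "use-credentials" ? "include" : "same-origin";
}

// headers: response headers with lowercase names.
function corsCheck(pageOrigin, credentialsMode, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { ok: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (credentialsMode !== "include" && allowOrigin === "*") {
    return { ok: true, reason: "wildcard accepted without credentials" };
  }
  if (allowOrigin !== pageOrigin) {
    return { ok: false, reason: "Access-Control-Allow-Origin does not match the page origin" };
  }
  if (credentialsMode !== "include") {
    return { ok: true, reason: "origin matches" };
  }
  if (headers["access-control-allow-credentials"] === "true") {
    return { ok: true, reason: "origin matches and credentials are allowed" };
  }
  return { ok: false, reason: "Access-Control-Allow-Credentials is not \"true\"" };
}

const PAGE = "https://app.example.com"; // constructed origin
const cases = [
  // A response carrying no CORS headers, e.g. a sign-in redirect target.
  ["anonymous", {}],
  ["anonymous", { "access-control-allow-origin": "*" }],
  // Wildcard is rejected once cookies are attached.
  ["use-credentials", { "access-control-allow-origin": "*" }],
  ["use-credentials", { "access-control-allow-origin": PAGE }],
  ["use-credentials", { "access-control-allow-origin": PAGE,
                        "access-control-allow-credentials": "true" }],
];

function runCases() {
  return cases.map(([attr, headers]) => corsCheck(PAGE, credentialsModeFor(attr), headers));
}

for (const [i, r] of runCases().entries()) {
  console.log(cases[i][0], "->", r.ok ? "pass" : "blocked", "(" + r.reason + ")");
}
```

Only the last case passes with cookies attached: the server has to name the exact origin and opt in to credentials, so the list of origins it echoes back should be kept as narrow as possible.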
