what config to make google auth works ? #327
Comments
Sounds like it could be a COEP/COOP restriction.
|
I would guess the same headers but having more reproduction details would allow us to be more sure about the answers :) |
Do you have any nuxt security configuration in nuxt.config.ts file? Also what rendering does your application use? SSR or SSG? The error in the console seems unrelated to headers, more like that some scripts are not being rendered correctly. Do you think it could be related to either nonce or SRI? |
No configuration in nuxt config for nuxt-security. If I remove nuxt-security from modules in nuxt-config.js it works perfectly. I use SSR but this part is wrapped in ClientOnly |
With rc.5, can you try

```ts
defineNuxtConfig({
  security: {
    headers: {
      crossOriginEmbedderPolicy: false,
      crossOriginOpenerPolicy: false
    }
  }
})
```

Edit: Can you also try to access the logs of the Google modal? |
I don't think so, but we don't have much information at this stage |
with headers: { |
Nice! I am surprised to hear that Google Sign-In forces you to disable cross-isolation. As an alternative, would you be OK to make an additional test:

```ts
defineNuxtConfig({
  security: {
    headers: {
      // crossOriginEmbedderPolicy: false,
      crossOriginOpenerPolicy: 'same-origin-allow-popups'
    }
  }
})
```

I think it would be safer |
yes it works :) thanks a lot |
Please note that I am not a COOP/COEP expert. Thank you very much for carrying out these tests, this is extremely helpful for us and for other users. |
That is a brilliant idea! Let's create a PR for 1.0.0 with the example and a link to this issue :) Would you like to do it or should I create a PR? I have some time so I can do it :) |
@Baroshem As a side note, I understand that this setup preserves cross-origin isolation so it should be secure from that perspective. It’s just that SharedArrayBuffers are disabled to protect against Spectre. |
Added in f921347 |
I think that you are correct. I just looked at the documentation and we have a FAQ entry about Firebase Auth where I have recommended to disable both COOP and COEP headers instead of setting same-origin-allow-popups. |
Yes, from what I read it is probably safer to keep COEP default |
Hello,
I need assistance with enabling Google Sign-In. When I activate Nuxt Security, the Google authentication modal appears blank, but it works fine when Nuxt Security is not activated. Could you help me configure this correctly?
Thank you very much in advance.
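
Added example (not part of the thread and not nuxt-security code): a small classifier for the COOP/COEP header pair, showing what each of the three configurations tried above means for a sign-in popup and for cross-origin isolation. The sample header sets are constructed, and the `same-origin` / `require-corp` values used for the strict case are assumed stand-ins for the module defaults.

```javascript
// Added example: classify a response's COOP/COEP header pair.
const COOP = new Set(['unsafe-none', 'same-origin-allow-popups', 'same-origin']);
const COEP = new Set(['unsafe-none', 'require-corp', 'credentialless']);

// Header names are case-insensitive. Values may carry parameters such as
// `; report-to="x"`. Absent or unrecognised values fall back to unsafe-none,
// which is the browser default.
function policyToken(headers, name, allowed) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  if (key === undefined) return 'unsafe-none';
  const token = String(headers[key]).split(';')[0].trim();
  return allowed.has(token) ? token : 'unsafe-none';
}

function classifyIsolation(headers) {
  const coop = policyToken(headers, 'cross-origin-opener-policy', COOP);
  const coep = policyToken(headers, 'cross-origin-embedder-policy', COEP);
  return {
    coop,
    coep,
    // self.crossOriginIsolated (and SharedArrayBuffer) needs COOP same-origin
    // together with a COEP of require-corp or credentialless.
    crossOriginIsolated: coop === 'same-origin' && coep !== 'unsafe-none',
    // A sign-in popup can message back only if it keeps window.opener
    // (assumes the popup's own response sets no COOP or unsafe-none).
    popupKeepsOpener: coop !== 'same-origin',
    // Cross-origin pages that open this one cannot hold a reference to it.
    shieldedFromOpeners: coop !== 'unsafe-none',
  };
}

// Constructed header sets mirroring the three configurations in the thread.
const STRICT = 'require-corp'; // assumed stand-in for the module's default COEP
const SAMPLES = {
  strictBoth: { 'Cross-Origin-Opener-Policy': 'same-origin',
                'Cross-Origin-Embedder-Policy': STRICT },
  bothDisabled: {}, // both options set to false: headers absent
  allowPopups: { 'cross-origin-opener-policy': 'same-origin-allow-popups; report-to="coop"',
                 'cross-origin-embedder-policy': STRICT },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(classifyIsolation(headers)));
}
```
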