LinkedIn登录:阻止了一个框架,其来源为"https://platform.linkedin.com";从访问具有原点的框架 [英] LinkedIn Login: Blocked a frame with origin "https://platform.linkedin.com" from accessing a frame with origin
问题描述
我们已经设置了使用LinkedIn代码登录的功能,并且可以与LinkedIn Javascript SDK完美配合,几天前,我们突然开始获得此功能:
We had Login with LinkedIn code set up and working perfectly with LinkedIn Javascript SDK, where a few days ago we suddenly started to get this:
Blocked a frame with origin "https://platform.linkedin.com" from accessing a frame
with origin "https://OUR_SITE". Protocols, domains, and ports must match.
登录未完成(登录从LinkedIn返回到我们的页面,并且永远等待).我不知道为什么当一切都正常运行时我们就开始出现此错误(我们没有更改有关登录机制的一行代码,也没有更改原始标头/文件或LinkedIn设置等),但是我决定添加platform.linkedin.com
允许来源标头:
And login does not complete (it returns from LinkedIn to our page and waits forever). I have no idea why we started to get this error when everything was working perfectly (we haven't changed a single line of code about the login mechanism, or allow origin headers/files, or LinkedIn settings etc) but I decided to add platform.linkedin.com
to allow origin header:
Access-Control-Allow-Origin: https://platform.linkedin.com
我可以看到标头已正确发送.但是,我仍然遇到非常相同的错误.
I can see the header sent in response correctly. However, I'm still getting the very same error.
为什么这种情况开始发生,我们如何防止这种情况发生?我的意思是,我知道微软收购了LinkedIn,但是来吧,他们不能这么快地打破它.
Why did this start happening and how can we prevent this? I mean, I know Microsoft bought LinkedIn but come on, they can't break it that fast.
推荐答案
似乎永远被打破了.
我最终完全放弃了LinkedIn SDK,并使用Vanilla JS打开了一个窗口,检查了它的事件,重定向回我自己的域(以便能够读取窗口位置,而不用进入浏览器沙箱),然后从那里读取令牌,并使用令牌手动执行我的操作.
I've ended up giving up on LinkedIn SDK completely, and using vanilla JS to open up a window, check for it's events, redirect back to my own domain (to be able to read window location and not hit into a browser sandbox) and read the token from there and use the token to manually do whatever I do.
我从没见过一家公司关心自己的开发者平台,但是至少,作为开发者,我可以告诉你,您可以手动实现使用LinkedIn登录"机制.
I've never seen a company care less about their own developer platform, but again, at least, as a developer I can tell you that you can implement the "Login with LinkedIn" mechanism by hand.
这篇关于LinkedIn登录:阻止了一个框架,其来源为"https://platform.linkedin.com";从访问具有原点的框架的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!