OAuth 在 iframe 中不起作用 [英] OAuth not working inside an iframe
问题描述
我在 JSFiddle 上构建了一个 Fiddle,它通过 Foursquare 的令牌"响应类型检索 OAuth 访问令牌.一两天前,这工作正常.单击使用 Foursquare 登录"时,会出现 Foursquare 的授权页面,并且我能够获得 access_token.今天我收到一条错误消息,提示拒绝显示文档,因为 X-Frame-Options 禁止显示."我已经联系 JSFiddle 以查看他们是否更改了 X-Frame-Options 标头,但我相信是 iframe 页面指定了该标头.Foursquare 对 iframe 内 OAuth 的政策是什么?最近有没有改变?
I have built a Fiddle on JSFiddle which retrieves an OAuth access token via Foursquare's "token" response type. One or two days ago this was working fine. When "Login with Foursquare" was clicked Foursquare's authorization page appeared and I was able to get an access_token. Today I get an error that says "Refused to display document because display forbidden by X-Frame-Options." I have contacted JSFiddle to see if they have changed their X-Frame-Options headers, but I believe it is the iframed page that specifies that header. What is Foursquare's policy about OAuth inside iframes and has it changed recently?
推荐答案
我们在 Foursquare,更新了我们的 OAuth 流程,不支持嵌入 iFrame.这是由 OAuth 2 规范 推荐的一>.
We, at Foursquare, have updated our OAuth flow to not support embedding in iFrames. This is recommended by the OAuth 2 spec.
这篇关于OAuth 在 iframe 中不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
