I am using angular-oidc-auth2 v9.0.3 to request token renewal by silent refresh. I am using implicit flow. it was working good until google chrome updated version to 85. I have observed the request and found that Google chrome used to have Referrer Policy: no-referrer-when-downgrade before and all was good. then from version 85 they have defaulted to Referrer Policy: strict-origin-when-cross-origin. and after that it started failing the token refresh. For security reason I cannot share the code however our identity server is in the different domain than application. Is there anyway I can set header for referrer policy Silent refresh request? Or any other way it can be resolved?
Silent Refresh not working after Google Chrome updated to Version 85
1.2k Views Asked by user1898171 At
2
There are 2 best solutions below
Related Questions in REFRESH
- How to refresh a listview within a Fragment
- Android HorizontalLitview refresh is not working
- Stop script execution after refresh
- Stop form from refreshing the page on submit
- How to stay on active tab after refresh on page?
- How to regenerate indexes after removing element
- Alternatives to refresh to avoid blacklisting
- How to Update JFrame Components?
- How to reload list view?
- does http-equiv Refresh meta tag URL get a leading slash?
- Refreshing SQL view after adding a default constraint to one of its tables
- PHP - Prevent Duplicate Form Requests On Refresh?
- How to refresh datagridview with button?
- Refreshing an entire Linq to SQL DataContext
- Javascript/JQuery function not working on first page load. Then works on refresh
Related Questions in OPENID-CONNECT
- OpenID Connect Account linking
- Authentication with OAuth and JWT but without OpenID Connect
- How to retrieve an OpenID Connect Identity Token from a cookie
- Windows Live Open ID Connect/Oauth 2.0 How to use for SSO with Apache mod_auth_openidc
- Get the user's email address from Azure AD via OpenID Connect
- Validate an Access Token at the Resource Server and Respond Accordingly
- Google OAuth: What do the various fields in id_token stand for?
- Role based Authorization on WebApi Controllers in IdentityServer4?
- Does OpenID Connect support resource sharing
- Manual accesstoken generation using OpenIdConnect Server (ASOS)
- Failing Okta OAuth2 token validation in AspNetCore
- OpenID Connect Standard: Authorized Party azp Contradiction
- Storage of OAuth access tokens in Javascript clients (e.g. Angular)
- Implementing SSO using OpenID Connect and usage of tokens
- Azure AD OpenIDConnect + ASP.NET Core - Authenticate and Extra Permissions/Token?
Related Questions in SILENT
- How to not show "unspecified error" when throwing exception
- Want to use both silent push notification and remote push notification based on app state
- Bootstrap and PHP file upload
- Sending silent push notifications using Parse.com
- Ethical hacking script not working - no error message
- How to use Notepad++ as editor for 7zip, without showing a console window?
- Creating a custom action in Wix for use in silent installation
- Android javascript api silent mode
- Unmute stream in silent mode
- Invoke-Expression: Positional parameter cannot be found that accepts argument /s
- Mute ANY sound of my page. How?
- Phonegap notification.beep ignore silent mode
- Silent Refresh not working after Google Chrome updated to Version 85
- Silent Installation for msi using Install shiled
- Is there a silent installation mode for Dia on Windows?
Related Questions in ANGULAR-OAUTH2-OIDC
- Silent Refresh not working after Google Chrome updated to Version 85
- Angular with Okta sign in
- Issues with OAuth2 and angular-auth2-oidc Library - PKCE Code Flow
- angular-oauth2-oidc does not send access_token to resource server
- angular-oauth2-oidc check session issue
- Angular angular-oauth2-oidc v15.0.0 client id not included in logout
- How to config OpenID in angular-oauth2-oidc so that some address doesn't need to authenticate
- connect/authorize/callback not able to authenticate a user for Angular child app from angular Parent APP - IdentityServer4 SSO
- Angular single page application with angular-oauth2-oidc unable to get identity claims. How can I evaluate the token after the initCodeFlow method?
- Can't authenticate Google access token on my net.core backend
- Angular-oauth2-oidc adds parameters to redirect uri
- error loading discovery document - AD FS integration using angular-oauth2-oidc
- oauthService.getAccessToken() returns null in angular-oauth2-oidc
- Best way to ensure subscription happened before emitting next value
- Angular Oauth2 OIDC - How to check if user is logged in?
Related Questions in REFERRER-POLICY
- Referrer url is being stripped out of header because of browser policy
- Silent Refresh not working after Google Chrome updated to Version 85
- Trying to set X-Frame and CSP to display another websites login page but connection refused
- Web Push Php Library Example - Strict Origin When Cross Origin
- Request Error: 'Referrer Policy: strict-origin-when-cross-origin' in Angular when build in --prod mode
- Google Update Created Bug - This file should be served over HTTPS. This download has been blocked
- Asp.Net Core API CORS policy error (+308 status code)
- PHP script can't open certain URLs
- Laravel Cors Referrer Policy
- How to set the Referrer-Policy HTTP header with the Angular HTTP Client?
- Strip out referers from script src
- How can I pass referrer details via an HTML element in Safari?
- Best way to use the current URL as a parameter to external API in javascript
- What does the Angular "strict-origin-when-cross-origin" Error mean?
- Safari - iOS 13.5.1 - Referrer Policy Issue
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Sorry https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default says that you need to only refer to your own site in a script.
You will need to write a proxy script in the form...