在使用iframe angular-oauth2-oidc中使用会话存储时给出domexception的错误：无法读取sessionstorage＆＃x27;

发布于 2025-02-06 03:38:32 字数 828 浏览 1 评论 0原文

我正在使用 angular-oauth2-oidc 软件包进行身份验证，并且我的应用程序用于iFrame，因此当第三方cookie被阻止时，它将出现以下错误。

core.js:6241 ERROR DOMException: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.
at Object.createDefaultStorage [as useFactory] (http://localhost:4200/vendor.js:81943:5)
at Object.factory (http://localhost:4200/vendor.js:30286:28)
at R3Injector.hydrate (http://localhost:4200/vendor.js:30153:63)
at R3Injector.get (http://localhost:4200/vendor.js:29903:33)
at injectInjectorOnly (http://localhost:4200/vendor.js:15722:33)
at Module.ɵɵinject (http://localhost:4200/vendor.js:15732:57)
at **Object.OAuthService_Factory [as factory]**

当我从代码中删除会话存储时，我收到了相同的错误消息。我的问题是Angular-Oauth-oidc软件包以某种方式使用会话存储？除了允许第三方饼干外，我该如何克服这种情况，因为我不能依靠使用此解决方案的人允许第三方饼干？

原文

I am using the angular-oauth2-oidc package for authentication and my application is used in iFrame, so when the third-party cookies are blocked, it will give the below error.

core.js:6241 ERROR DOMException: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.
at Object.createDefaultStorage [as useFactory] (http://localhost:4200/vendor.js:81943:5)
at Object.factory (http://localhost:4200/vendor.js:30286:28)
at R3Injector.hydrate (http://localhost:4200/vendor.js:30153:63)
at R3Injector.get (http://localhost:4200/vendor.js:29903:33)
at injectInjectorOnly (http://localhost:4200/vendor.js:15722:33)
at Module.ɵɵinject (http://localhost:4200/vendor.js:15732:57)
at **Object.OAuthService_Factory [as factory]**

When I removed the session storage from the code, I got the same error message.
My question is angular-oauth-oidc package somehow use the session storage?
How can I overcome this situation except allow the third-party cookies because I can not rely on a person using this solution to allow the third-party cookies?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

奢望 2025-02-13 03:38:33

是的，浏览器中的限制将做到这一点。如果您的应用程序无法使用SessionStorage，则库将无法将任何令牌保存在默认存储机制中。

您需要 oauthstorage 并创建一个内存实现或其他一些与父框架协调的实现，以确保库中的数据被持续存在。

自定义存储看起来像这样：

export class CustomOAuthStorage {
  private _data: object = { };
  getItem(key: string) { return this._data[key]; }
  setItem(key: string, value: string) { this._data[key] = value; }
  removeItem(key: string) { delete this._data[key]; }
}

然后通过Angular的DI系统提供。

Yup, restrictions in browsers will do this. If sessionStorage is not available to your application the library will not be able to save any tokens in the default storage mechanism.

You need to create a custom OAuthStorage and create an in-memory implementation or some other implementation that coordinates with the parent frame to ensure data from the library gets persisted.

Custom storage could look like this:

export class CustomOAuthStorage {
  private _data: object = { };
  getItem(key: string) { return this._data[key]; }
  setItem(key: string, value: string) { this._data[key] = value; }
  removeItem(key: string) { delete this._data[key]; }
}

And then provide it through Angular's DI system.

回复收藏 0 原文

~没有更多了~