How to prevent cross-orgin error when using Github OAuth?

228 views Asked by At

I have a site that when the user signs in; it opens a new window to github login to use it’s oauth flow. The user signs in, grants access, and is redirect back to the site. https://www.example.com?code=“code”. My site then attempts to parse the code out of window.location.search. However, when this occurs I am getting the following error:

DOMException: Permission denied to get property “href” on cross-origin object.

I am not sure what to do in this case? Any thoughts would be appreciated.

1

There are 1 answers

3
Trey Griffith On

If you're trying to retrieve the value of window.location.search that appears in the new window from the original window, you need to make sure that both windows have the same origin (scheme, port and host, see more here: Same-origin Policy).

This is a security measure, otherwise a malicious site could initiate an OAuth flow and retrieve the authorization code in the popup window without controlling the redirect site.

Alternatively, you can just retrieve the code in the new window.