Connection to https://<my account>/oauth/token is blocked

berlaga · October 3, 2020, 9:54pm

Hi! I am integrating auth0.js into a VueJS client. In a development environment, everything works great.
But when I deploy this (NodeJS server serve this from the public folder) I get the following error:

Refused to connect to ‘https:///oauth/token’ because it violates the following Content Security Policy directive: “default-src ‘self’”. Note that ‘connect-src’ was not explicitly set, so ‘default-src’ is used as a fallback.

My code is below

const auth0Client = new auth0.WebAuth({
  domain: authConfig.domain,
  clientID: authConfig.clientID,
  audience: authConfig.apiAudience,
  redirectUri: authConfig.callbackUrl,
  scope: authConfig.scope,
  responseType: authConfig.responseType,
});

auth0Client.client.login(
        {
          realm: "Username-Password-Authentication",
          username: this.user,
          password: this.password,
        },
        (err, authResult) => {...

I omit the rest for clarity. I’m lost. Any help is greatly appreciated it.

dan.woda · October 5, 2020, 9:59pm

Hi @berlaga,

Welcome to the Community!

It looks like the error is missing your domain https:///oauth/token.

This suggests your config file is not making it to the deployment for some reason.

berlaga · October 6, 2020, 4:32am

I skip my account for clarity. That was not the reason

dan.woda · October 6, 2020, 8:23pm

Have you looked into the error? This SO questions covers it pretty thoroughly.

system · October 28, 2020, 4:49pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.