Cross-Origin-Opener-Policy policy would block the window.opener call.

[myusuf-netprem]

Hello,

When I host locally I am getting the following error: Cross-Origin-Opener-Policy policy would block the window.opener call.
I have exported the client ID and I own the document that I am trying to sign in to. I am using the latest version of the Google Sign-In API and the latest version of Chrome.

Please could you assist?

[devansh-sharma-tw]

Hi @myusuf-netprem , could you please share the browser console or the node logs for when you face this issue ? IT would help to identify the source of the problem.

Thanks!

[myusuf-netprem]

Hi @devansh-sharma-tw Thanks for getting back to me.

These are the errors I am getting:
1- Access to XMLHttpRequest at 'https://docs.google.com/spreadsheets/d/1iz from origin 'https://8080-cloudworkstations.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
2- Failed to load resource: net::ERR_FAILED
3- Cross-Origin-Opener-Policy policy would block the window.opener call.

Thanks

[devansh-sharma-tw]

Hi @myusuf-netprem , thanks for sharing this!
The first 2 points are expected given the approach we're following for getting sheet data. But the 3rd point is something relatively new. We'll take a look at it.

Thanks!

[arturbobinski]

Having same issues with the CORS policy :(
Been trying to modify the default.template for nginx but nothing yet.

[arturbobinski]

This is what I get @devansh-sharma-tw https://www.awesomescreenshot.com/image/43175998?key=16f6c1c3ec4189c35eeaa35f600af044

Any suggestions? :)

[devansh-sharma-tw]

Hi @arturbobinski , as mentioned above, the CORS issue is expected and shouldn't be the cause of any error with the app. Based on the console errors you shared, I'm guessing the correct origins are not defined with your Google client ID (2nd last line from the screenshot - The given origin is not allowed for the given client ID) ? Could you check that in GCP ?

@myusuf-netprem , just to check, on your local setup is the Google login failing ? I do see the Cross-Origin-Opener-Policy error on my local setup, but login still works. I'm looking into updating the headers for this, but just want to understand if this broke functionality as well :)

Thanks!

[myusuf-netprem]

Hi @devansh-sharma-tw, we've looked into the issue, and the Google login is not working, and I think it's possible that you may be using the deprecated Sign in for Web library.

Thanks

[devansh-sharma-tw]

Hi @myusuf-netprem , we've moved away from the deprecated Sign In implementation to the newer OneTap implementation during the last year itself :)

Could you please confirm if you are using the latest code or docker image on your local ? You should be seeing the Google OneTap popup on the top right corner when using private sheets.

Additionally, if you are running your local server using npm, can you try adding this:

devServer: {
  headers: {
    'Cross-Origin-Opener-Policy': 'same-origin-allow-popups',
  },
},

to webpack.dev.js ?
This is the header value Google suggests to fix the error mentioned in console. Also, could you confirm if this fixes the login issue for you as well ?
We're looking into this header and we'll be pushing it with an update shortly.

Thanks!