Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to sign-up, turnstile not loaded in cors-friendly way #2521

Open
4 tasks done
simonschmidt opened this issue Jan 9, 2024 · 3 comments
Open
4 tasks done

Unable to sign-up, turnstile not loaded in cors-friendly way #2521

simonschmidt opened this issue Jan 9, 2024 · 3 comments
Labels
confirmed improvement

Comments

@simonschmidt
Copy link

simonschmidt commented Jan 9, 2024
edited by linear bot

Preliminary Checks

Reproduction / Replay Link

n/a

Publishable key

n/a

Description

On a site with cross-origin-embedder-policy: require-corp it is not possible to sign-up using email as turnstile fails to load with:

GET https://FRONTEND_API/cloudflare/turnstile/v0/api.js?render=explicit&_clerk_js_version=4.68.1 net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep 200 (OK)

Reproduce

  1. Ensure site has cross-origin policy headers set
  2. Bring up the sign-in popup, e.g. Clerk.openSignIn()
  3. Click "Sign up"
  4. Enter valid email address and password
  5. Click "Continue"

See error:

Sign up unsuccessful due to failed bot validation. Please refresh the page to try again or reach out to support for more assistance.

Workaround

Manually add a script tag with crossorigin="anonymous" attribute, this works because the captcha loader checks if window.turnstile exists and if so does not try to load it again.

Potential fix

I think it can be fixed by passing in crossOrigin: 'anonymous' in captcha.ts as that should do the same thing as the workaround.

Environment

n/a
@simonschmidt simonschmidt added the needs-triage A ticket that needs to be triaged by a team member label Jan 9, 2024
@linear linear bot added bug Something isn't working improvement and removed needs-triage A ticket that needs to be triaged by a team member bug Something isn't working labels Jan 29, 2024
@clerk-cookie
Copy link
Collaborator

Hello 👋

We currently close issues after 40 days of inactivity. It's been 30 days since the last update here. If we missed this issue, please reply here. Otherwise, we'll close this issue in 10 days.

As a friendly reminder: The best way to see an issue fixed is to open a pull request. If you're not sure how to do that, please check out our contributing guide.

Thanks for being a part of the Clerk community! 🙏

@simonschmidt
Copy link
Author

Bump

@clerk-cookie clerk-cookie removed the Stale label Mar 1, 2024
@jescalan jescalan added the confirmed label Mar 19, 2024 — with Linear
@jescalan
Copy link
Contributor

So sorry @simonschmidt - something happened with our labeler here that got it messed up. We have this in our backlog and are planning to address!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
confirmed improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jescalan @simonschmidt @clerk-cookie