5

I am trying to integrate React with keycloak. But I am getting this error on console

    Refused to frame 'http://localhost:8080/'
 because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".

This is the keycloak file

import Keycloak from 'keycloak-js';
const keycloak = Keycloak({
  url: 'http://localhost:8080/auth',
  realm: "keycloak-react-auth",
  clientId: "react",
});

export default keycloak;

Version of install of keycloak and react:

*"@react-keycloak/web": "^3.4.0",

"react": "^17.0.1",*

I also saw that in this StackOverflow question, the solution can be if you use this parameter checkLoginIframe: false, but TypeScript says that this attribute is not recognised in the Keycloak object

Illyrian
  • 429
  • 4
  • 16
  • That looks like you are trying to login in the iframe. Generally, iframing should be disabled for the auth. Also use PKCE flow for SPA app. – Jan Garaj Jun 29 '22 at 19:54

2 Answers2

2

At the Realm Configuration -> Security Defences -> Content-Security-Policy

 frame-src 'self'; frame-ancestors 'self' http://localhost:3000; object-src 'none';
Illyrian
  • 429
  • 4
  • 16
1

In my case, the environment variable KC_HOSTNAME was set to a different address from the one I was trying to access the keycloak web console.

If you are running keycloak in a container, add this to your Dockerfile:

ENV KC_HOSTNAME=localhost
A.Casanova
  • 555
  • 4
  • 16