[openstreetmap/openstreetmap-website] Add Cross-Origin-Opener-Policy header (2ff4d6a)
Emilio Mariscal
notifications at github.com
Mon Jul 7 20:40:48 UTC 2025
> So in the case of https://osmlab.github.io/osm-auth/ it looks like the problem is that final redirect page is trying to access the parent page to pass the authorization code back but I can't see any value for the COOP header that would allow that while not allowing the parent to interfere with the authorisation window.
>
> I don't know about Rapid or Overpass but the user experience of that osm-auth popup is absolutely horrible in any case...
While I agree that the popup UX is not good, this is breaking login in several wide-used tools. Could this change be reverted, make an announcement and give some time so dev teams can adjust their tools and move from a popup to a redirect?
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/commit/2ff4d6a4e633e479568572090eb6a16074103cd9#commitcomment-161619696
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/commit/2ff4d6a4e633e479568572090eb6a16074103cd9/161619696 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20250707/2fa4e2b7/attachment.htm>
More information about the rails-dev
mailing list