CORS - Uncaught TypeError: Cannot read properties of null (reading 'postMessage')

[floxrot]

Hi i have an error on a new project.
The Popup Window /auth-callback/ can't send a message to the main window because the orgin call for the Window comes not from the main Window /admin/ but from https://login.microsoftonline.com/common/oauth2/. Because of the CORS the window.opener is null and throw this error in hte /auth-callback/ console.

Have anybody a workaround? Or will i configure the Webserver to allow Cross Orgin and have a potentiel security risk?

[lisabutti]

I struggle with the same issue. So would also be interested in a solution.

[binste]

Had the same issue and for me it was caused by the new setting SECURE_CROSS_ORIGIN_OPENER_POLICY in Django 4. If you set it to None, the popup window again has a reference to the main window and it worked. However, I'd prefer to not disable this security feature. Maybe the Redirect based authentication flow could be used?

[lisabutti]

This fixed my issue, thanks!