From 2154ce946d3ccf7b365832f72ad3fb5ccf6ad569 Mon Sep 17 00:00:00 2001 From: Vadym Samoilenko Date: Fri, 20 Mar 2026 14:25:00 +0000 Subject: [PATCH] =?UTF-8?q?Add=20COOP=20header=20to=20Apache=20config=20?= =?UTF-8?q?=E2=80=94=20fix=20MSAL=20popup=20window.closed=20blocking?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit same-origin-allow-popups allows the Microsoft auth popup to communicate back to the parent window, which is required for loginPopup to work. Co-Authored-By: Claude Sonnet 4.6 --- deploy.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/deploy.sh b/deploy.sh index 76f58cb4..5d2353d1 100755 --- a/deploy.sh +++ b/deploy.sh @@ -52,9 +52,16 @@ CONF="/etc/apache2/sites-enabled/optical-dev.oliver.solutions.conf" if sudo grep -q "semblance_back" "$CONF" 2>/dev/null; then echo "✓ Apache semblance config already present" + # Ensure COOP header is present (needed for MSAL popup auth) + if ! sudo grep -q "Cross-Origin-Opener-Policy" "$CONF" 2>/dev/null; then + echo "Adding COOP header for MSAL popup support..." + sudo sed -i "s|RewriteRule \^ index.html \[L\]|RewriteRule ^ index.html [L]\n Header set Cross-Origin-Opener-Policy \"same-origin-allow-popups\"|" "$CONF" + sudo apache2ctl configtest && sudo systemctl reload apache2 + echo "✓ COOP header added" + fi else echo "Adding semblance blocks to Apache config..." - sudo sed -i "s|| # ----------------------------------------------------------------\n # Semblance — Quart/Hypercorn backend at :5137\n # ----------------------------------------------------------------\n\n # WebSocket (Socket.IO)\n RewriteCond %{HTTP:Upgrade} websocket [NC]\n RewriteCond %{HTTP:Connection} upgrade [NC]\n RewriteRule ^/semblance_back/socket.io/(.*) ws://127.0.0.1:5137/socket.io/\$1 [P,L]\n\n # REST API\n ProxyPass /semblance_back/api/ http://127.0.0.1:5137/api/\n ProxyPassReverse /semblance_back/api/ http://127.0.0.1:5137/api/\n\n # Socket.IO HTTP polling fallback\n ProxyPass /semblance_back/socket.io/ http://127.0.0.1:5137/socket.io/\n ProxyPassReverse /semblance_back/socket.io/ http://127.0.0.1:5137/socket.io/\n\n # Semblance SPA\n Alias /semblance $FRONTEND_DEST\n \n Options -Indexes +FollowSymLinks\n AllowOverride None\n Require all granted\n RewriteEngine On\n RewriteBase /semblance/\n RewriteCond %{REQUEST_FILENAME} !-f\n RewriteCond %{REQUEST_FILENAME} !-d\n RewriteRule ^ index.html [L]\n \n\n|" "$CONF" + sudo sed -i "s|| # ----------------------------------------------------------------\n # Semblance — Quart/Hypercorn backend at :5137\n # ----------------------------------------------------------------\n\n # WebSocket (Socket.IO)\n RewriteCond %{HTTP:Upgrade} websocket [NC]\n RewriteCond %{HTTP:Connection} upgrade [NC]\n RewriteRule ^/semblance_back/socket.io/(.*) ws://127.0.0.1:5137/socket.io/\$1 [P,L]\n\n # REST API\n ProxyPass /semblance_back/api/ http://127.0.0.1:5137/api/\n ProxyPassReverse /semblance_back/api/ http://127.0.0.1:5137/api/\n\n # Socket.IO HTTP polling fallback\n ProxyPass /semblance_back/socket.io/ http://127.0.0.1:5137/socket.io/\n ProxyPassReverse /semblance_back/socket.io/ http://127.0.0.1:5137/socket.io/\n\n # Semblance SPA\n Alias /semblance $FRONTEND_DEST\n \n Options -Indexes +FollowSymLinks\n AllowOverride None\n Require all granted\n RewriteEngine On\n RewriteBase /semblance/\n RewriteCond %{REQUEST_FILENAME} !-f\n RewriteCond %{REQUEST_FILENAME} !-d\n RewriteRule ^ index.html [L]\n Header set Cross-Origin-Opener-Policy \"same-origin-allow-popups\"\n \n\n|" "$CONF" sudo apache2ctl configtest && sudo systemctl reload apache2 echo "✓ Apache config updated and reloaded" fi