Packages:
@azure/msal-node: ^2.6.4
electron: 21.1.1
I am trying to configure an authorization code flow with PKCE. For that, I am spawning a new window in Electron and going through the MS login flow. I have 2FA enabled, so when I get to the last step and enter the code in the MS Authentication app on my phone, I see the following error in the debug console of the Electron app:
Refused to send form data to 'https://login.microsoftonline.com/common/SAS/ProcessAuth' because it violates the following Content Security Policy directive: "form-action 'self' http https ws wss https: *.microsoftonline.com".
I looked through the Mozilla documentation for CSP: form-action and, as you can see above, updated my CSP policy to include everything I could think of to make this work, but to no avail.
Here is my full current CSP policy:
const contentSecurityPolicy = [
"default-src 'self' https:",
"script-src * 'unsafe-inline' 'unsafe-eval' https:",
"connect-src * 'unsafe-inline' https:",
"font-src 'self' https:",
"form-action 'self' 'unsafe-inline' 'unsafe-eval' ws: wss: http: https: data: mediaStream: blob: filesystem: *.microsoftonline.com",
"img-src 'self' blob: data: https:",
"style-src 'self' 'unsafe-inline' https:"
];
There is also a warning on Mozilla's documentation page about form-action and browser support for redirects, but I admit I don't fully understand it. Surely there must be a way to make it work in Electron.
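The following is an added example, not part of the original post: a simplified evaluator for CSP source lists, run against the directive and URL quoted in the error message. It shows that `http`, `https`, `ws` and `wss` written without a trailing colon are parsed as host names rather than schemes. `SELF` (the origin of the page submitting the form) and `REDIRECT` (a redirect URI) are assumed values, and the matching is simplified from CSP Level 3.

```javascript
// Added example, not code from the post. Simplified from CSP Level 3 source
// matching: path-parts and port/'self' upgrade rules are not evaluated.
const DEFAULT_PORT = { http: '80', https: '443', ws: '80', wss: '443' };
const UPGRADES = new Map([['http', ['https']], ['ws', ['wss', 'http', 'https']], ['wss', ['https']]]);
const schemeMatches = (expr, actual) => expr === actual || (UPGRADES.get(expr) || []).includes(actual);

// Decide what kind of source expression a token is.
function classify(token) {
  if (/^'.*'$/.test(token)) return { kind: 'keyword', token };
  if (/^[a-z][a-z0-9+.-]*:$/i.test(token)) {
    return { kind: 'scheme', scheme: token.slice(0, -1).toLowerCase(), token };
  }
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\d+|\*))?(?:\/.*)?$/i.exec(token);
  if (!m) return { kind: 'invalid', token };
  return { kind: 'host', scheme: m[1] && m[1].toLowerCase(), host: m[2].toLowerCase(), port: m[3], token };
}

// Does one source expression allow `url`, for a document whose origin is `self`?
function sourceAllows(src, url, self) {
  const scheme = url.protocol.slice(0, -1);
  const selfScheme = self.protocol.slice(0, -1);
  if (src.kind === 'keyword') { // only 'self' can ever match a URL
    return src.token.toLowerCase() === "'self'" && url.origin !== 'null' && url.origin === self.origin;
  }
  if (src.kind === 'scheme') return schemeMatches(src.scheme, scheme);
  if (src.kind !== 'host') return false;
  if (src.token === '*') return scheme === 'http' || scheme === 'https' || scheme === selfScheme;
  // A host-source without a scheme inherits the scheme of the protected document.
  if (!schemeMatches(src.scheme || selfScheme, scheme)) return false;
  const host = url.hostname.toLowerCase();
  const hostOk = src.host === '*' ||
    (src.host.startsWith('*.') ? host.endsWith(src.host.slice(1)) : host === src.host);
  const portOk = src.port === '*' ||
    (src.port ? src.port === (url.port || DEFAULT_PORT[scheme]) : url.port === '');
  return hostOk && portOk;
}

// Returns which source expressions of `directive` allow `target`.
function evaluate(directive, target, selfOrigin) {
  const [name, ...tokens] = directive.trim().split(/\s+/);
  const url = new URL(target), self = new URL(selfOrigin);
  const matched = tokens.map(classify).filter((s) => sourceAllows(s, url, self)).map((s) => s.token);
  return { name, allowed: matched.length > 0, matched };
}

// Directive and TARGET are quoted from the error message; SELF and REDIRECT are assumptions.
const REPORTED = "form-action 'self' http https ws wss https: *.microsoftonline.com";
const SELF = 'https://login.microsoftonline.com';
const TARGET = 'https://login.microsoftonline.com/common/SAS/ProcessAuth';
const REDIRECT = 'http://localhost/redirect'; // hypothetical redirect URI
for (const t of [TARGET, REDIRECT]) console.log(t, evaluate(REPORTED, t, SELF));
```

Chromium also applies `form-action` to redirects that follow a form submission, which is the behaviour the documentation warning mentioned above refers to, so redirect targets have to match the source list as well.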