From 6999b06aefa688cc836609581363b1f58222b805 Mon Sep 17 00:00:00 2001 From: Leo Vu Date: Tue, 26 Aug 2025 14:55:51 +0700 Subject: [PATCH 1/4] Add troubleshooting guidance for Connect popup issues --- docs-v2/pages/connect/managed-auth/quickstart.mdx | 4 ++++ docs-v2/pages/connect/managed-auth/troubleshooting.mdx | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/docs-v2/pages/connect/managed-auth/quickstart.mdx b/docs-v2/pages/connect/managed-auth/quickstart.mdx index b63f389a81967..16bfbbdc5b631 100644 --- a/docs-v2/pages/connect/managed-auth/quickstart.mdx +++ b/docs-v2/pages/connect/managed-auth/quickstart.mdx @@ -97,6 +97,10 @@ npm i --save @pipedream/sdk When the user connects an account in your product, [pass the token from your backend](#generate-a-short-lived-token) and call `connectAccount`. This opens a Pipedream iFrame that guides the user through the account connection. + +If the Connect popup window doesn't open when users try to connect their accounts, set your `Cross-Origin-Opener-Policy` header to `same-origin-allow-popups`. This fixes cases where the Connect popup can't open because a default "same-origin" policy blocks popups from iframes. + + Try the interactive demo below to connect an account after generating a token in the previous step:
diff --git a/docs-v2/pages/connect/managed-auth/troubleshooting.mdx b/docs-v2/pages/connect/managed-auth/troubleshooting.mdx index c21c987b4a6a6..b5098eb8275f8 100644 --- a/docs-v2/pages/connect/managed-auth/troubleshooting.mdx +++ b/docs-v2/pages/connect/managed-auth/troubleshooting.mdx @@ -46,6 +46,12 @@ Double-check the app slug you're passing [when connecting your user's account](/ The user may have closed the OAuth popup window without completing authorization. +### Connect popup doesn't open + +If the Connect popup window doesn't open when users try to connect their accounts, this is often due to the browser's Cross-Origin-Opener-Policy blocking popups from iframes. + +Set your `Cross-Origin-Opener-Policy` header to `same-origin-allow-popups` on the page hosting Connect. This fixes cases where the Connect popup can't open because a default `"same-origin"` policy blocks popups from iframes. + If you're still have trouble or hitting an error that isn't listed here, [get in touch with us](https://pipedream.com/support). We'd love to help. From 8f92506bd413570808cecfaffe9f399991d76db4 Mon Sep 17 00:00:00 2001 From: Leo Vu Date: Tue, 26 Aug 2025 14:59:46 +0700 Subject: [PATCH 2/4] Update pnpm-lock --- pnpm-lock.yaml | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 648cf983f4324..16e37a4b24703 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -16589,14 +16589,6 @@ importers: specifier: ^6.0.0 version: 6.2.0 - modelcontextprotocol/node_modules2/@modelcontextprotocol/sdk/dist/cjs: {} - - modelcontextprotocol/node_modules2/@modelcontextprotocol/sdk/dist/esm: {} - - modelcontextprotocol/node_modules2/zod-to-json-schema/dist/cjs: {} - - modelcontextprotocol/node_modules2/zod-to-json-schema/dist/esm: {} - packages/ai: dependencies: '@pipedream/sdk': @@ -32097,22 +32089,22 @@ packages: superagent@3.8.1: resolution: {integrity: sha512-VMBFLYgFuRdfeNQSMLbxGSLfmXL/xc+OO+BZp41Za/NRDBet/BNbkRJrYzCUu0u4GU0i/ml2dtT8b9qgkw9z6Q==} engines: {node: '>= 4.0'} - deprecated: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net + deprecated: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net superagent@4.1.0: resolution: {integrity: sha512-FT3QLMasz0YyCd4uIi5HNe+3t/onxMyEho7C3PSqmti3Twgy2rXT4fmkTz6wRL6bTF4uzPcfkUCa8u4JWHw8Ag==} engines: {node: '>= 6.0'} - deprecated: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net + deprecated: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net superagent@5.3.1: resolution: {integrity: sha512-wjJ/MoTid2/RuGCOFtlacyGNxN9QLMgcpYLDQlWFIhhdJ93kNscFonGvrpAHSCVjRVj++DGCglocF7Aej1KHvQ==} engines: {node: '>= 7.0.0'} - deprecated: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net + deprecated: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net superagent@7.1.6: resolution: {integrity: sha512-gZkVCQR1gy/oUXr+kxJMLDjla434KmSOKbx5iGD30Ql+AkJQ/YlPKECJy2nhqOsHLjGHzoDTXNSjhnvWhzKk7g==} engines: {node: '>=6.4.0 <13 || >=14'} - deprecated: Please upgrade to superagent v10.2.2+, see release notes at https://github.com/forwardemail/superagent/releases/tag/v10.2.2 - maintenance is supported by Forward Email @ https://forwardemail.net + deprecated: Please upgrade to v9.0.0+ as we have fixed a public vulnerability with formidable dependency. Note that v9.0.0+ requires Node.js v14.18.0+. See https://github.com/ladjs/superagent/pull/1800 for insight. This project is supported and maintained by the team at Forward Email @ https://forwardemail.net supports-color@10.0.0: resolution: {integrity: sha512-HRVVSbCCMbj7/kdWF9Q+bbckjBHLtHMEoJWlkmYzzdwhYMkjkOwubLM6t7NbWKjgKamGDrWL1++KrjUO1t9oAQ==} From 4076355fc7d406788a1223117d3c10205fa746ac Mon Sep 17 00:00:00 2001 From: Leo Vu Date: Tue, 26 Aug 2025 15:10:51 +0700 Subject: [PATCH 3/4] Update docs-v2/pages/connect/managed-auth/quickstart.mdx Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- docs-v2/pages/connect/managed-auth/quickstart.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs-v2/pages/connect/managed-auth/quickstart.mdx b/docs-v2/pages/connect/managed-auth/quickstart.mdx index 16bfbbdc5b631..8705221ba5e83 100644 --- a/docs-v2/pages/connect/managed-auth/quickstart.mdx +++ b/docs-v2/pages/connect/managed-auth/quickstart.mdx @@ -98,7 +98,7 @@ npm i --save @pipedream/sdk When the user connects an account in your product, [pass the token from your backend](#generate-a-short-lived-token) and call `connectAccount`. This opens a Pipedream iFrame that guides the user through the account connection. -If the Connect popup window doesn't open when users try to connect their accounts, set your `Cross-Origin-Opener-Policy` header to `same-origin-allow-popups`. This fixes cases where the Connect popup can't open because a default "same-origin" policy blocks popups from iframes. +If the Connect popup window doesn't open and your site sets the Cross-Origin-Opener-Policy (COOP) header to `same-origin`, set it to `same-origin-allow-popups` on the page that embeds the Connect iframe. The default COOP is `unsafe-none`; only make this change if you explicitly enforce `same-origin`. This relaxes isolation just enough to allow trusted popups (e.g., OAuth) to open from iframes. Try the interactive demo below to connect an account after generating a token in the previous step: From 53c7698fd3ca0bc55a104045e3b72d8ad49bd195 Mon Sep 17 00:00:00 2001 From: Leo Vu Date: Tue, 26 Aug 2025 15:11:20 +0700 Subject: [PATCH 4/4] Update docs-v2/pages/connect/managed-auth/troubleshooting.mdx Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- docs-v2/pages/connect/managed-auth/troubleshooting.mdx | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs-v2/pages/connect/managed-auth/troubleshooting.mdx b/docs-v2/pages/connect/managed-auth/troubleshooting.mdx index b5098eb8275f8..94c862e02cc64 100644 --- a/docs-v2/pages/connect/managed-auth/troubleshooting.mdx +++ b/docs-v2/pages/connect/managed-auth/troubleshooting.mdx @@ -48,10 +48,9 @@ The user may have closed the OAuth popup window without completing authorization ### Connect popup doesn't open -If the Connect popup window doesn't open when users try to connect their accounts, this is often due to the browser's Cross-Origin-Opener-Policy blocking popups from iframes. - -Set your `Cross-Origin-Opener-Policy` header to `same-origin-allow-popups` on the page hosting Connect. This fixes cases where the Connect popup can't open because a default `"same-origin"` policy blocks popups from iframes. +If the Connect popup window doesn't open when users try to connect their accounts, the host page may be enforcing the Cross-Origin-Opener-Policy (COOP) header with the value `same-origin`, which isolates the browsing context and can interfere with popups opened by cross-origin iframes. +Set the `Cross-Origin-Opener-Policy` header to `same-origin-allow-popups` on the page that embeds the Connect iframe. The default COOP is `unsafe-none`; only apply this change if you currently send `same-origin`. If you're still have trouble or hitting an error that isn't listed here, [get in touch with us](https://pipedream.com/support). We'd love to help.