Local internet identity failure

Developers
1

Since two days I’m getting the following error using Internet Identity canister locally (dev-build) from within my app:
Screenshot 2023-02-19 at 09.39.10

Console logs:

index.js:331 Refused to connect to 'http://icp-api.io/api/v2/status' because it violates the following Content Security Policy directive: "connect-src 'self' https://identity.internetcomputer.org https://icp-api.io https://*.icp0.io https://*.ic0.app".

I’m quite sure that I did not change anything in the code related to II recently…

Does anyone have the same issue?

1 Like
2

I’ve got a small idea why but, not sure how to resolve it so I’ll forward your question to the II team to be sure they notice it.

Meanwhile, maybe I ask how you deploy II locally? Maybe you can “just” pin an older commit version and it should unblock you.

3

Thanks for forwarding to the team!

I’m simply using the latest dev-build to instanciate the canister locally:

"internet_identity": {
    "type": "custom",
    "candid": "https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity.did",
        "wasm": "https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity_dev.wasm",
            "remote": {
                "id": {
                    "ic": "rdmx6-jaaaa-aaaaa-aaadq-cai"
                }
          },
            "frontend": {}
 }

Might it be related to the ic0.app blacklist issue?

4

I would bet indeed that it’s related to last week work about the new domain internetcomputer.org, like a side effect.

Instead of https://github.com/dfinity/internet-identity/releases/latest/download/... try to pin a previous release.

e.g. release-2023-02-12_2:

"internet_identity": {
    "type": "custom",
    "candid": "https://github.com/dfinity/internet-identity/releases/download/release-2023-02-12_2/internet_identity.did",
        "wasm": "https://github.com/dfinity/internet-identity/releases/download/release-2023-02-12_2/internet_identity_dev.wasm",
            "remote": {
                "id": {
                    "ic": "rdmx6-jaaaa-aaaaa-aaadq-cai"
                }
          },
            "frontend": {}
 }

p.s.: not sure I got above github urls correct but you get the idea

5

I tried release https://github.com/dfinity/internet-identity/releases/download/release-2023-02-12_2/internet_identity_dev.wasm but same result…

What really puzzles me is that using https://github.com/dfinity/internet-identity/tree/main/demos/using-dev-build as a demo application for local internet identity works fine, but the same approach from within our app fails…

6

Oh I was almost expecting that pinning the version would solve it :disappointed_relieved:.

I read the error message again and the issue is clear to me now.

index.js:331 Refused to connect to 'http://icp-api.io/api/v2/status' because it violates the following Content Security Policy directive: "connect-src 'self' https://identity.internetcomputer.org https://icp-api.io https://*.icp0.io https://*.ic0.app".

It says something tries to connect to http://icp-api.io/... but the CSP allows “only” https://icp-api.io

i.e. http vs https

That said, now sure where the call is made and why it goes through http instead of https :man_shrugging:

7

Yes, I noticed that, however this url is not something we can configure in our app, it‘s somewhere within II wasm I guess…

8

Maybe indeed, let’s see what team says…

9

Hi @p_d ,

TL;DR: do you use 0.0.0.0 for deployment? If so, apologies, we’ll fix this soon.

We changed some of the logic for figuring out what endpoint to use for the IC, but it looks like we’ve broken something. Here’s the logic for local development:

  if (
    location.host === "127.0.0.1" ||
    location.hostname.endsWith("localhost")
  ) {
    // If this is a local deployment, then assume the api and assets are collocated
    // and use this asset (page)'s URL.
    return location.protocol + "//" + location.host;
  }

Effectively this means “if the URL is 127.0.0.1 or ends with localhost then assume the API is a local replica served at that same URL”. In production, it should be using https://icp-api.io instead:

  // In general, use the official IC HTTP domain.
  return location.protocol + "//" + IC_API_DOMAIN;

See the source here. We tried to reuse some logic from agent-js but evidently we got something wrong.

@p_d what do you have in your address bar when the issue happens? I’m guessing you’re neither on localhost nor on 127.0.0.1? Maybe 0.0.0.0? I didn’t think of that.

Either way, you probably should pin your version of II as @peterparker suggested!

10

Hi @nmattia, thanks for your support!

My local frontend app is running on http://127.0.0.1:8080 (webpack server) and http://127.0.0.1:4943/?canisterId=ryjl3-tyaaa-aaaaa-aaaba-cai (local replica). The corresponding redirect to local II is to http://127.0.0.1:4943/?canisterId=rkp4c-7iaaa-aaaaa-aaaca-cai#authorize.

So if my understanding is right this should work, isn’t it?

I’m using now release-2023-02-17 which works, I just had to ensure that the old canister was really deleted (dfx canister delete --all) when switching the II version…

11

Hmmm, after having deleted all my canisters (dfx canister delete --all) it seems to work now also with the latest release.

I’m feeling kind of stupid now, but I guess there was something wrong in my local replica and without deleting all canisters I couldn’t fix it, even with pinning a older release…

Anway, I think it should be all fine now, sorry for this issue!

1 Like
12

Hah, that’s odd!

Well, good thing it works. I think it’s still worth fixing the issue for 0.0.0.0, even though it doesn’t seem to be why you had issues…

Anyway, let us know if anything else comes up!

1 Like
13

FYI @nmattia, today Joao on discord had the exact same issue and also solved it by deleting all canisters :man_shrugging:

https://discord.com/channels/748416164832608337/748416164832608341/1093910297204490260

1 Like
14

Anywhere I can find a functioning II repo? :sweat_smile:
can not find any branch auth-client-demo that will give a local deployment.
Unable to find the doesn’t direct to a valid II endpoint.
have the ports changed?

15

image
image1184×614 70.5 KB

everything except spa.js is loaded in the redirect.

16

Are you looking for this? GitHub - dfinity/internet-identity: Internet Identity, a blockchain authentication system for the Internet Computer

17

Actually that’s where I am at rn. Thank you !
Build works.
But still haven’t checked the test cases and integration.
any idea why the above doesn’t work?

18

Hmmm, I facing the same issue now with my application when running it locally but found out that it only occurs in Chrome browser. In Safari it works fine!

What really puzzles me is that using https://github.com/dfinity/internet-identity/tree/main/demos/using-dev-build as a demo application for local internet identity works fine, but the same approach from within our app fails. I tried to clean the cache, delete all canisters, delete localStorage in the browser, etc., but no luck…

Anyone else having this problem?

19

followed through up until here using a sepreate II build from Repo

but the captcha won’t load…

image
image995×659 142 KB

20

I don’t. Can you reproduce the issue you are encountering with a sample repo as well?