We're using Google One Tap + button. Opening a prompt and rendering a button is made in JS-code. Email reffers to this documentation https://developers.google.com/identity/gsi/web/guides/fedcm-migration#cross_origin but since We do every thing in JS-code I can't add allow="identity-credentials-get" attribute manually. Also, We do not have any Iframes that contains google sign-in. What should we do to solve the issue?
I tried to add allowedParentOrigin but One Tap stopped opening at all.
2 Answers 2
The allow="identity-credentials-get" should be added on the Iframe that embeds the One Tap element. There are chances that other websites (not from your company) embedded your page, so it triggered the detection that outlined in the email you received from Google. In that case, there isn't much you can do on your site other than prepare for inquiries from your developers on the One Tap prompt not displayed. See this section.
Another way can help you to identify the pages that you may use iframe to call One Tap is to open Chrome's Developer Tools -> Console. You should see a warning in the Console if One Tap detects it is being called by cross-origin iframe. enter image description here
Finally, you should refer to Test and verify your migration section to ensure users can sign in/up to your site.
1 Comment
I received the same email from Google and am facing the exact issue. I'm not using any iframes for Google one-tap and have implemented it via JavaScript. Any help to solve this issue?