Hi everyone,

We even had to remove zoid from our project because our partners code triggered this error. I assume this can be an issue not only for us according to above posts.

Our partners seems to use Auth0 popup where window.open has been called without a URL..

Thanks

Hello,

I have the same problem with oidc-client-ts which open a popup with window.open and undefined url: TypeError: Cannot read properties of undefined (reading ‘match’”)).

https://github.com/authts/oidc-client-ts/blob/6937ed3128d02a0dfa5bc81aadec2d74cbed650c/src/navigators/PopupWindow.ts#L34

It is possible to add a check on window.open to test if url is defined or an url is mandatory for zoid use ? From the documentation, window.open can be called without an url

• Add missing error handling when validating the SAML response. We noticed this when saml assertion was not encrypted which would lead to a hanging request.

Of course, it was my fault because the parent and child component tags didn't match perfectly!

<!DOCTYPE html> <html> <head> <title>Parent</title> <script src="https://cdnjs.cloudflare.com/ajax/libs/zoid/9.0.44/zoid.min.js"></script> <script> // Create the Zoid component var MyComponent = zoid.create({ tag: 'my-component', url: '/child3' // Make sure this URL points to your child.html }); </script> </head> <body> <h1>Parent Page</h1> <!-- Container to render the Zoid component --> <div id="my-container"></div>

<script>
    // Render the Zoid component
    MyComponent().render('#my-container');
</script>

</body> </html>

CHILD: <!DOCTYPE html> <html> <head> <title>Child</title> <script src="https://cdnjs.cloudflare.com/ajax/libs/zoid/9.0.44/zoid.min.js"></script> <script> // Create the Zoid component on the child as well zoid.create({ tag: 'my-component' }); </script> </head> <body> <h1>Child Page</h1> </body> </html>

I've tried a few minimalist examples but the parent never renders the iframe. In this example I see my "Parent Page" html rendered, I see the iframe box, though the pre-rendering spinner just spins and the page is never shown. I can see the 200 response from /helloworld. No console errors. No network errors. Full refresh. Not sure where to look. Tried firefox, chrome, etc. I couldn't even see a sample js fiddler to try as a base.

Maybe these cnds are old? <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <script src="https://cdnjs.cloudflare.com/ajax/libs/zoid/9.0.63/zoid.min.js"></script> <title>Parent Page</title> <script> var MyBasicComponent = zoid.create({ tag: 'my-basic-component', url: 'http://127.0.0.1:5001/helloworld' }); </script> </head> <body> <main> Parent Page <div id="parent-container"></div> </main> <script> MyBasicComponent().render('#parent-container'); </script> </body> </html>

It just seems to stick at zoid-invisible If I put the iframe to zoid-visible manually I can see the page rendered. I suppose there's a create parameter I'm not setting?

I've tried a few minimalist examples but the parent never renders the iframe. In this example I see my "Parent Page" html rendered, I see the iframe box, though the pre-rendering spinner just spins and the page is never shown. I can see the 200 response from /helloworld. No console errors. No network errors. Full refresh. Not sure where to look. Tried firefox, chrome, etc. I couldn't even see a sample js fiddler to try as a base.

Maybe these cnds are old?

<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <script src="https://cdnjs.cloudflare.com/ajax/libs/zoid/9.0.63/zoid.min.js"></script> <title>Parent Page</title> <script> var MyBasicComponent = zoid.create({ tag: 'my-basic-component', url: 'http://127.0.0.1:5001/helloworld' }); </script> </head> <body> <main> <h1>Parent Page</h1> <div id="parent-container"></div> </main> <script> MyBasicComponent().render('#parent-container'); </script> </body> </html

We can try releasing a beta or canary version of this package and link that in for testing locally. We'll need to pair with SSO on using an unencrypted response.

any way to test this?

I hope we are not silencing the error later in the code flow. does it make sense to add console.error (if we are not sure if it's throwing error or not)

• Add missing error handling when validating the SAML response. We noticed this when saml assertion was not encrypted which would lead to a hanging request.