-
OmegaPaladin
- Hobby Astronomer

- Posts: 27
- Joined: 2020-09-21, 21:26
by OmegaPaladin » 2024-07-31, 16:24
My workplace has a Box.com subscription, and I use Single Sign On to access it. The Single Sign On site still works, and other websites needing SSO still work. However, Box.com is no longer allowing me to interface with the SSO. I'm left on a blank page with the title "Submit Form". Regardless of whether I use private browsing or not, the same error occurs.
Please note that this was working less than 24 hours ago.
Code:
GET
https://sso.services.box.net/sp/startSSO.ping
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”). Source:
window.onload = function() {
....
Is there a way to override this with a Modify HTTP Response or custom script?
-
Moonchild
- Pale Moon guru

- Posts: 37640
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
by Moonchild » 2024-07-31, 17:27
Tell box.com they should inspect their content security policy (show them the error you posted) since there seems to be an error in their policy preventing the SSO from working cross-site.
"A dead end street is a place to turn around and go into a new direction" - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
by OmegaPaladin » 2024-07-31, 17:50
Naturally, the Box support forum requires SSO to post anything, which gives the exact same error.
I guess I will have to use a Chrome-based browser to even post the error, since I was able to log in to Box on Brave. I'm worried they are just going to tell me to use Chrome.
That's why I was hoping to try and fix it on my side of things.
-
by Moonchild » 2024-07-31, 18:37
Well, I hope they are responsive. The issue seems to be that they are trying to use inline JavaScript (i.e. in the page itself) but aren't allowing it by way of their default source policy. Unfortunately I can't seem to get to an SSO login on their site, and normal login with credentials or cross-auth to Google both seem to work, so there's not much else I can do to help.
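How a browser arrives at the "blocked the loading of a resource at inline (default-src)" decision discussed above, as an added example that is not part of any post in this thread. The policies are constructed, not Box's actual header, and the check is simplified: hash sources are detected but not computed, and 'strict-dynamic' is not modelled.

```javascript
// Added example: simplified CSP decision for an inline <script>.
// All policy strings below are constructed for illustration.

// Parse a Content-Security-Policy header value into {directive: [sources]}.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Decide whether an inline script may run and name the governing directive.
function checkInlineScript(header, scriptNonce = null) {
  const policy = parseCsp(header);
  // script-src governs scripts; if it is absent, default-src is the fallback.
  const directive = "script-src" in policy ? "script-src"
                  : "default-src" in policy ? "default-src" : null;
  if (directive === null) return { allowed: true, directive: null };

  const sources = policy[directive];
  const nonces = sources.filter((s) => /^'nonce-.+'$/.test(s));
  if (scriptNonce !== null && nonces.includes(`'nonce-${scriptNonce}'`)) {
    return { allowed: true, directive };
  }
  // 'unsafe-inline' is ignored once a nonce or hash source is present.
  const hasHash = sources.some((s) => /^'sha(256|384|512)-.+'$/.test(s));
  const unsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  return { allowed: unsafeInline && nonces.length === 0 && !hasHash, directive };
}

// Constructed cases: the first reproduces the shape of the console error.
const cases = [
  ["default-src 'self'", null],
  ["default-src 'self'; script-src 'self' 'nonce-abc123'", "abc123"],
  ["default-src 'self'; script-src 'self' 'nonce-abc123'", null],
  ["script-src 'unsafe-inline' 'nonce-abc123'", null],
];
for (const [header, nonce] of cases) {
  console.log(header, "| nonce:", nonce, "=>", checkInlineScript(header, nonce));
}
```

A site that needs inline script can keep enforcement on by serving a per-response nonce in script-src, rather than relying on users to disable CSP in the browser.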
-
by OmegaPaladin » 2024-08-01, 17:29
Disabling content security policy allows me to log in without issue.
I have confirmed that the main Box application still works fine, even once CSP is re-enabled.
I have contacted Box via their support forum. If you have suggestions to try in the meantime, such as tweaking some of the other settings or getting other data, please let me know.
-
by Moonchild » 2024-08-01, 17:49
OmegaPaladin wrote: ↑2024-08-01, 17:29
If you have suggestions to try in the meantime, such as tweaking some of the other settings or getting other data, please let me know.
No, there's really not much else to do aside from temporarily disabling CSP enforcement.
-
by OmegaPaladin » 2024-08-09, 22:05
Box.com referred me to my organization's IT department. I tried to open a ticket with them, but they just rejected it, as it is not a mainstream browser.
This is why I always try to fix things on my side of things - IT in general does not support using Pale Moon.
-
by Moonchild » 2024-08-09, 22:32
Pity, but it is what it is. Nothing else to be done here.