fix: Google OAuth broken in unified docker image

api/app/settings/common.py

@@ -543,6 +543,7 @@
 
 SECURE_REDIRECT_EXEMPT = env.list("DJANGO_SECURE_REDIRECT_EXEMPT", default=[])
 SECURE_REFERRER_POLICY = env.str("DJANGO_SECURE_REFERRER_POLICY", default="same-origin")
+SECURE_CROSS_ORIGIN_OPENER_POLICY = env.str("DJANGO_SECURE_CROSS_ORIGIN_OPENER_POLICY", default="same-origin")
 SECURE_SSL_HOST = env.str("DJANGO_SECURE_SSL_HOST", default=None)
 SECURE_SSL_REDIRECT = env.bool("DJANGO_SECURE_SSL_REDIRECT", default=False)
 

docker-compose.yml

@@ -42,6 +42,10 @@ services:
       # Enable Task Processor
       TASK_RUN_METHOD: TASK_PROCESSOR # other options are: SYNCHRONOUSLY, SEPARATE_THREAD (default)
 
+      # Uncomment if you want to enable Google OAuth. Note this does not turn Google OAuth on. You still need to use
+      # Flagsmith on Flagsmith to enable it - https://docs.flagsmith.com/deployment/#oauth_google
+      # DJANGO_SECURE_CROSS_ORIGIN_OPENER_POLICY: 'same-origin-allow-popups'
+
       # For more info on configuring E-Mails - https://docs.flagsmith.com/deployment/locally-api#environment-variables
       # Example SMTP:
       # EMAIL_BACKEND: django.core.mail.backends.smtp.EmailBackend

docs/docs/deployment/index.md

@@ -566,6 +566,17 @@ Create an OAuth application in the Google Developer Console and then provide the
 }
 ```
 
+If you are using the [unified Docker image](https://hub.docker.com/repository/docker/flagsmith/flagsmith), which serves
+both the API and the frontend through Django, ensure you configure the following environment variable in your
+deployment:
+
+```
+DJANGO_SECURE_CROSS_ORIGIN_OPENER_POLICY=same-origin-allow-popups
+```
+
+For those hosting the frontend independently, make sure you set the `Cross-Origin-Opener-Policy` to
+`same-origin-allow-popups` for Google OAuth flow to work.
+
 ### Dark Mode
 
 We also have a Segment that manages the ui Dark Mode: