Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1250
Views
1
Helpful
1
Replies

Standalone load of redirect-domain, for Ad Block allowlisting

Go to solution
mcint
Level 1
Level 1

‎10-05-2020 03:55 PM

Greetings! I have a problem using Duo, in my browsers with uBlock Origin or similar installed, including Safari, Chrome, Brave, and Firefox. Seeking a reply body or blog post link with more information.

Issue

I would like to “Remember for 30 days”, but cannot.

On the 2nd-factor iframe embed, cookies cannot be used (to “remember for 30 days”), because I have not approved the Duo domain, api-XXXXXX .duosecurity.com, (and cannot easily(?) do so). I’m seeing the issue in Safari (14) with Ghostery, which may not properly handle trusting embeds of a trusted site (Duo) within a trusted site (my auth provider).

Key point of confusion

Since the Duo hostname is api-[hexchars] .duosecurity.com, I’m not clear whether the subdomain is a unique (v-)host for my whole company, or just a random API endpoint. And I don’t feel confident enough guessing what your architecture constraints are for security & external integration.

Hmm, Discourse redacts this automatically, but it’s also publicly accessible. I guess other domains of that style are a risk to share.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Amy2
Level 5
Level 5

‎10-09-2020 08:59 AM

Hi @mcint,

Your Duo hostname is unique to your account and used to configure Duo applications. It should not be shared. That’s why it was redacted automatically We put a filter on the Duo Community to help prevent anyone from accidentally posting information such as the integration key, secret key, or API hostname.

The issue you describe here of not being able to use the “Remember me for 30 days” feature is due to cookies being blocked as you’ve noted. We have a help article that explains how to solve this issue by adding an exception for Duo-served cookies, and the process varies by browser. Safari does not provide a mechanism to allow an exception for specific sites. However, you can globally allow all third-party cookies. While not ideal, we’re working on a solution for this, and in the meantime hopefully the current workaround helps you!

View solution in original post

1 Reply 1

Go to solution
Amy2
Level 5
Level 5

‎10-09-2020 08:59 AM

Hi @mcint,

Your Duo hostname is unique to your account and used to configure Duo applications. It should not be shared. That’s why it was redacted automatically We put a filter on the Duo Community to help prevent anyone from accidentally posting information such as the integration key, secret key, or API hostname.

The issue you describe here of not being able to use the “Remember me for 30 days” feature is due to cookies being blocked as you’ve noted. We have a help article that explains how to solve this issue by adding an exception for Duo-served cookies, and the process varies by browser. Safari does not provide a mechanism to allow an exception for specific sites. However, you can globally allow all third-party cookies. While not ideal, we’re working on a solution for this, and in the meantime hopefully the current workaround helps you!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents