Error handling

If Fullscript.js is not configured properly, or is attempting to access resources it’s not permitted to, an error page is rendered and the error details are sent to the browser’s console.

Errors look similar to this: (left: browser view. right: console window.)

Side by side screen captures of the browser with a message "Oops, Looks like we ran into an error." and the corresponding browser console panel.

Here are the most common errors you may encounter with instructions for resolving them.

  • INVALID_SECRET_TOKEN: The secret_token was invalid or missing.

    The session grant used to authorize the user is missing or invalid.

    • Verify that you’re using the secret token from a fresh session grant (they are one-time use).
    • Verify that the secret token isn’t expired (remember, it has a 120 second timeout).
    • Confirm that you’re retrieving the session grant from the same Fullscript target environment that you’re trying to use it with.
  • Refused to frame 'http://localhost:3000/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

    There are a few reasons this can happen.

    • Verify that your publicKey is valid and is for the correct Fullscript target environment
    • Check that your domain and port number exactly match one of the domains in the “Origin URI” whitelist you set in the Fullscript API Dashboard.
  • Error: Could not find the mount point for the iframe.

    Fullscript.js failed to find the mount point you added to your DOM.

    • Is the mount point’s id spelled correctly? And is there just one instance of it?
    • Have you waited for the DOM to load before trying to find the mount point?
  • A CORS (cross-origin resource sharing) error when accessing the OAuth authorize endpoint.

    Ensure you’re not trying to fetch() the Fullscript OAuth url. Instead, redirect the browser to the authorize endpoint.