# Blocked Monkey Patching

If you are seeing this page, it means that you have enabled [oidc-spa’s custom exfiltration defense mechanisms](/docs/v8/resources/token-exfiltration-defence.md), but they conflict with one or more libraries used in your application.

For these defenses to be effective, oidc-spa must ensure that certain sensitive browser APIs (such as `window.fetch`) have not been modified. Unfortunately, there is no reliable way to distinguish between APIs that were monkey-patched by a legitimate dependency and those altered as part of an NPM supply-chain or XSS attack. Allowing exceptions would weaken the guarantees provided by the defense, so oidc-spa does not support whitelisting or bypassing these checks.

As a result, there is currently no workaround. If you cannot remove or replace the libraries that interfere with these checks, the only option is to disable the custom exfiltration defenses.

However: You can probably enable DPoP and get most of the security benfit you get when enabling oidc-spa's custom security defences.

{% content-ref url="/pages/23aQZwCqT2UW3YgpY1gx" %}
[DPoP](/docs/v8/features/dpop.md)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.oidc-spa.dev/docs/v8/resources/blocked-monkey-patching.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.