NodeBB in iframe throws invalid csrf token
-
I would like to ask for help in case of receiving "invalid csrf token" exception during user login when NodeBB is used from iframe.
I added headers in Settings -> Advanced -> Headers
Request for /login throws 403 Forbidden and in the logs I'm receiving: /login invalid csrf token
Could you give me a hint what I could additionally check / in what place I could search possible problem? Just let me know if I could add more detailed information / logs. Thanks!
-
What headers did you add?
-
@pitaj In test environment I'm using two addresses:
- http://192.168.1.15/forum - for forum
- http://widget.internal - for page with iframe, hosts entry to http://192.168.1.15
Below headers settings:
-
Do you get the same error if you access it outside the iframe?
I think in many of those headers NodeBB will ignore it if you set it to *, rather than allowing anything.
-
@pitaj No, outside iframe everything is working.
Tested with and without *, also tried to write direct values / domains into fields. Each time the same result. Also it looks like the csrf token is being sent in the login request.
I suspect that the problem could be cookies, but I can't find a direct reason. That's why I'm asking for help.
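
One way to check the cookie suspicion raised in the last post, as an added example that is not part of the thread or NodeBB's code: a small model of the browser's SameSite rules that tells whether a session cookie would accompany the login POST from a framed page. The cookie name `sid` and the Set-Cookie strings are constructed, and "site" is simplified to scheme plus host (browsers use the registrable domain).

```javascript
// Added example: would the browser attach the session cookie to a request
// made from a page loaded inside an iframe? Models SameSite/Secure handling.
// Assumption: "site" = scheme + host; browsers really use eTLD+1.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.split('=')[0], sameSite: null, secure: false };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    if (k.toLowerCase() === 'samesite') cookie.sameSite = v.toLowerCase();
    if (k.toLowerCase() === 'secure') cookie.secure = true;
  }
  return cookie;
}

function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname}`;
}

function sentFromFrame(setCookieHeader, topUrl, frameUrl) {
  const c = parseSetCookie(setCookieHeader);
  const frameIsHttps = new URL(frameUrl).protocol === 'https:';
  if (c.secure && !frameIsHttps) {
    return { sent: false, reason: 'Secure cookie is not stored over http' };
  }
  if (siteOf(topUrl) === siteOf(frameUrl)) {
    return { sent: true, reason: 'same-site frame' };
  }
  // Browsers that default to Lax treat a missing attribute as SameSite=Lax.
  const mode = c.sameSite || 'lax';
  if (mode !== 'none') {
    return { sent: false, reason: `SameSite=${mode} blocks cross-site frames` };
  }
  if (!c.secure) {
    return { sent: false, reason: 'SameSite=None is rejected without Secure' };
  }
  return { sent: true, reason: 'SameSite=None; Secure over https' };
}

// The two addresses from the thread, with a constructed Set-Cookie header.
const TOP = 'http://widget.internal/';
const FRAME = 'http://192.168.1.15/forum/login';
console.log(sentFromFrame('sid=abc; Path=/; HttpOnly', TOP, FRAME));
```

If the session cookie is not sent, the server sees a fresh session on the POST, so a token issued for the earlier session cannot match even though the token itself is present in the request.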