Your don't need the header in your template. You need to add it like this:router.get('/calendar', middleware.buildHeader, renderPageHandler); router.get('/api/calendar', renderPageHandler);
NodeBB in inframe throws invalid csrf token
I would like to ask for help in case of receiving "invalid csrf token" exception during user login when NodeBB is used from iframe.
I added headers in Settings -> Advanced -> Headers
403 Forbiddenand in the logs I'm receiving
/login invalid csrf token
Could you give me a hint what I could additionally check / in what place I could search possible problem? Just let me know if I could add more detailed information / logs. Thanks!
What headers did you add?
Do you get the same error if you access it outside the iframe?
I think in many of those headers NodeBB will ignore it if you set it to
*, rather than allowing anything.
@pitaj No, outside iframe everything is working.
Tested with and without
*, also tried to write direct values / domains into fields. Each time the same result.
Also it looks that csrf token is sending in login request.
I suspect that problematic could be cookies, but can't find direct reason. That's why I'm asking for help.