I would like to ask for help in case of receiving "invalid csrf token" exception during user login when NodeBB is used from iframe.
I added headers in Settings -> Advanced -> Headers
403 Forbiddenand in the logs I'm receiving
/login invalid csrf token
Could you give me a hint what I could additionally check / in what place I could search possible problem? Just let me know if I could add more detailed information / logs. Thanks!
@pitaj No, outside iframe everything is working.
Tested with and without
*, also tried to write direct values / domains into fields. Each time the same result.
Also it looks that csrf token is sending in login request.
I suspect that problematic could be cookies, but can't find direct reason. That's why I'm asking for help.
were you actually able to solve that? Running into a very related problem here (Nodebb running in an iframe, authenticated through session-sharing plugin. Users are logged in but any interaction results in an 403 / invalid csrf token... I'm running the board on a different domain than the embedding page.