NodeBB in inframe throws invalid csrf token

were you actually able to solve that? Running into a very related problem here (Nodebb running in an iframe, authenticated through session-sharing plugin. Users are logged in but any interaction results in an 403 / invalid csrf token... I'm running the board on a different domain than the embedding page.