CSRF TOKEN while using I-Frame

Expected behavior:

  • As I am using an iframe on the web, allowing Zammad to be accessed through the HTML of another site, it should allow the user to create and log in to the Zammad site through the iframe, and perform actions through that site.

Actual behavior:

  • As I am using an iframe, everything seems fine; I am able to see the site and everything. But once I try to log in via the site, it gives me a CSRF token error and doesn't allow me to do further actions.

Steps to reproduce the behavior:

  • Using an iframe on a site to access Zammad: it won't access login if I try to.

Hi @SaifNeon,

to prevent Cross Site Request Forgery attacks as described in your scenario, we set the header X-Frame-Options: SAMEORIGIN. The iframe you are using does not match the allowed origin.

This is a security feature and will not be broken.

Cheers,

Tobias

1 Like
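
How a browser evaluates the framing header mentioned in the reply above, as an added example that is not part of the thread or of Zammad's code. It goes one step further and also covers the CSP `frame-ancestors` directive, which browsers apply in place of X-Frame-Options when both are sent; the hostnames are constructed and only a single parent page is modelled.

```javascript
// Added example: models a browser's framing decision for one parent page.
// Hostnames used with it are constructed; only "X-Frame-Options: SAMEORIGIN"
// comes from the thread.
function framingDecision(headers, frameUrl, parentUrl) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const frameOrigin = new URL(frameUrl).origin;   // scheme + host + port
  const parentOrigin = new URL(parentUrl).origin;

  // CSP frame-ancestors, when present, is enforced instead of X-Frame-Options.
  const csp = h["content-security-policy"] || "";
  const directive = csp.split(";").map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    // Modelled source forms: 'none', 'self', * and full scheme://host[:port]
    // origins. Wildcard hosts and scheme-less sources are not modelled.
    const ok = directive.slice(1).some(s => {
      if (s === "'none'") return false;
      if (s === "*") return true;
      if (s === "'self'") return parentOrigin === frameOrigin;
      try { return new URL(s).origin === parentOrigin; } catch { return false; }
    });
    return { allowed: ok, reason: "frame-ancestors" };
  }

  const xfo = (h["x-frame-options"] || "").toUpperCase();
  if (xfo === "DENY") return { allowed: false, reason: "X-Frame-Options: DENY" };
  if (xfo === "SAMEORIGIN") {
    // The embedding page must share the framed page's exact origin.
    return { allowed: parentOrigin === frameOrigin, reason: "X-Frame-Options: SAMEORIGIN" };
  }
  // No recognised policy (ALLOW-FROM is obsolete and ignored by current browsers).
  return { allowed: true, reason: "no framing policy" };
}
```
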

I have done it, and if I set it to SAMEORIGIN it will not allow me to access the iframe.
