Hey.
I have problem with my Limesurvey installation (version 3.22.19).

I have a small "navigation app" (it's actually just a web interface) that helps participants navigate through various surveys. The surveys are integrated in the interface via iframe. Recently, however, problems have been occurring. The first page of the survey (welcome text) is displayed normally, but as soon as I click on "Next", an error message appears: "400: Bad Request - The CSRF token could not be verified. (see screenshot, but it is in German).

I don't really know what to do next. About a week ago everything was still working.
IFrame is allowed in the global settings. I haven't really changed anything else.
Also, these warnings in the second screenshot arrise - but unfortunately I don't know what to do with the corresponding files of the Limesurvey instance.

Does anyone have any idea what the problem could be?

Thank you!

What happens if you access the surveys directly?

Ah, sorry, I totally forgot that part. When opening directly, everything runs perfectly - the survey can be done without any problems. So it seems to be a problem with the integration / or my webserver / or anything. But this is beyond my knowledge ...
I'm sorry if I'm in the totally wrong place here and the problem is more to do with the app/interface! Just thought I would check all the possibilities.

Are surveys on a different domain then the main app who holds the iframe?

This is possible because the csrf cookie is not getting saved on the browser and hence posts are rejected.

Making LS a subdomain of the main app will probably fix it.

Thank you Gabriel for your reply!
Sounds like a great and simple idea. Unfortunately, it's not possible to load LS on the same domain - as the app is not using my own server ...
Is it possible to save the csrf cookie manually or anything?
But still thank you, great help

Hmm...I have never run into that CSRF problem when inserting surveys in iframes.

Try this survey on my server (version 3.22.19) in an iframe - partnersurveys.com/limesurvey3x/index.php/914872?lang=en .

Hey tpartner! Thank you for the link. It is working with your survey ... that's good to know, it's possible. So it has to do with my LimeSurvey installation or what do you think?
Or my webserver? Like a "false" .htaccess file that has problem with the iframes? It's probably not the right forum for this question, but I'm a newbie.

Maybe you could do a subdomain through an A record on the DNS Zone?

If it was working a week ago and you made no changes to LimeSurvey, try contacting you hosting provider support or server admin to see what changes were made.

Thank you for the help!!
It seems to work with 3.19 ... so probably I updated my LimeSurvey and forgot to check the app integration.
I installed the older version on another webspace. Is it possible to see which changes where made between the two versions (3.19 - 3.22)? So maybe I can find the "error" (probably, it's not an error, but more an improved security policy) and change it in 3.22?

The release notes are here - github.com/LimeSurvey/LimeSurvey/blob/ma...cs/release_notes.txt

But my test survey that you said worked is on version 3.22.19 so I don't think that the version is the problem.

You're right, that's strange ...
I transferred all my surveys to the older version 3.19.3 and it's working now. Still don't know what the problem is/was, but I'm satisfied as long as the participants can fill out the surveys now.
Thank you for all the help