- Posts: 6
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
CSRF token problem, Can I embed to WordPress website
7 months 1 week ago #231079
by fliqper
CSRF token problem, Can I embed to WordPress website was created by fliqper
Please help us help you and fill where relevant:
Your LimeSurvey version: [see right hand bottom of your LimeSurvey admin screen]
Own server or LimeSurvey hosting:
Survey theme/template:
==================
(Write here your question/remark)
Your LimeSurvey version: [see right hand bottom of your LimeSurvey admin screen]
Own server or LimeSurvey hosting:
Survey theme/template:
==================
(Write here your question/remark)
The topic has been locked.
7 months 1 week ago #231086
by fliqper
Replied by fliqper on topic CSRF token problem, Can I embed to WordPress website
LimeSurvey version: LimeSurvey Cloud /// Version 5.3.29
LimeSurvey hosting, well cloud
Survey theme/template: vanilla /// admin theme: bay of many
==================
Hail to you Limesurvey champions !
I am working for the ASC, striving for sustainable and responsible Aquaculture around the world.
Briefly the problem is I am trying to find config.php on our Limesurvey Cloud, but I do not know even where to look for it or if there is one for our version.
Explanation below:
I am a data engineer and work mainly with Python and SQL, never heard of Limesurvey before, therefore I am sorry if my question is silly.
We are trying to embed one of our surveys in our WordPress website.
I added the survey link to in iFrame and used it to embed in the site with the custom HTML block, it worked but nothing was displayed.
Then I found that setting in Global settings and enabled embedding, which enabled the survey to load its starting page on our website.
BUT when I press Next to start filling the survey, here is what comes in
bang on
>>>
400: Bad RequestThe CSRF token could not be verified.The request could not be understood by the server due to malformed syntax. Please do not repeat the request without modifications.
>>>
So I did a bit of googling for that CSRF token and found out that we need to add some code inside config.php
Here is the article which explains it
manual.limesurvey.org/Optional_settings#....28New_in_3.24.3_.29
Allow session start in iframeThe session need to be secure (valid https) , httponly and samesite to None. All settings must be sent all lowercase.'session' => array (
'sessionName'=>'LS-VBXZZORFJZCAKGYI',
// Uncomment the following lines if you need table-based sessions.
// Note: Table-based sessions are currently not supported on MSSQL server.
// 'class' => 'application.core.web.DbHttpSession',
// 'connectionID' => 'db',
// 'sessionTableName' => '{{sessions}}',
'cookieParams' => array(
'secure' => true,
'httponly' => true,
'samesite' => 'None',
),
),
Allow csrf cookie in iframeSame than session: must be secure and samesite to None. Whole array must be added at same level than session
'request' => array(
'enableCsrfValidation'=>true,
'csrfCookie' => array(
'sameSite' => 'None',
'secure' => true,
),
),
The problem is that I cannot find this config.php file anywhere, honestly I do not even know where to look.
Please can you help?
LimeSurvey hosting, well cloud
Survey theme/template: vanilla /// admin theme: bay of many
==================
Hail to you Limesurvey champions !
I am working for the ASC, striving for sustainable and responsible Aquaculture around the world.
Briefly the problem is I am trying to find config.php on our Limesurvey Cloud, but I do not know even where to look for it or if there is one for our version.
Explanation below:
I am a data engineer and work mainly with Python and SQL, never heard of Limesurvey before, therefore I am sorry if my question is silly.
We are trying to embed one of our surveys in our WordPress website.
I added the survey link to in iFrame and used it to embed in the site with the custom HTML block, it worked but nothing was displayed.
Then I found that setting in Global settings and enabled embedding, which enabled the survey to load its starting page on our website.
BUT when I press Next to start filling the survey, here is what comes in
bang on
>>>
400: Bad RequestThe CSRF token could not be verified.The request could not be understood by the server due to malformed syntax. Please do not repeat the request without modifications.
>>>
So I did a bit of googling for that CSRF token and found out that we need to add some code inside config.php
Here is the article which explains it
manual.limesurvey.org/Optional_settings#....28New_in_3.24.3_.29
Allow session start in iframeThe session need to be secure (valid https) , httponly and samesite to None. All settings must be sent all lowercase.'session' => array (
'sessionName'=>'LS-VBXZZORFJZCAKGYI',
// Uncomment the following lines if you need table-based sessions.
// Note: Table-based sessions are currently not supported on MSSQL server.
// 'class' => 'application.core.web.DbHttpSession',
// 'connectionID' => 'db',
// 'sessionTableName' => '{{sessions}}',
'cookieParams' => array(
'secure' => true,
'httponly' => true,
'samesite' => 'None',
),
),
Allow csrf cookie in iframeSame than session: must be secure and samesite to None. Whole array must be added at same level than session
'request' => array(
'enableCsrfValidation'=>true,
'csrfCookie' => array(
'sameSite' => 'None',
'secure' => true,
),
),
The problem is that I cannot find this config.php file anywhere, honestly I do not even know where to look.
Please can you help?
The topic has been locked.
7 months 1 week ago - 7 months 1 week ago #231089
by tpartner
Cheers,
Tony Partner
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
Replied by tpartner on topic CSRF token problem, Can I embed to WordPress website
Please do not double-post, it wastes the time of the volunteers here.
- forums.limesurvey.org/forum/development/...th-csrf-token#231084
- forums.limesurvey.org/forum/development/...th-csrf-token#231084
Cheers,
Tony Partner
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
Last edit: 7 months 1 week ago by tpartner.
The following user(s) said Thank You: fliqper
The topic has been locked.
7 months 1 week ago #231111
by fliqper
Replied by fliqper on topic CSRF token problem, Can I embed to WordPress website
Hello Tpartner,
Sorry for reposting, I would like to delete this duplicate post, but cannot find the button, if you show me how I will delete it and will not repost again.
Thanks
Sorry for reposting, I would like to delete this duplicate post, but cannot find the button, if you show me how I will delete it and will not repost again.
Thanks
The topic has been locked.
7 months 1 week ago #231118
by tpartner
Cheers,
Tony Partner
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
Replied by tpartner on topic CSRF token problem, Can I embed to WordPress website
I'll lock this thread but leave it in place as the link to your other post may help others.
Cheers,
Tony Partner
Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
The topic has been locked.