Using the survey in an iFrame (Csrf issue)
- rasheed
- Topic Author
- New Member
I have been using my LimeSurvey in an iFrame for years. Recently it started showing a (Bad Request - CSRF token..) error.
I went through some feedback in the forum and I did set 'enableCsrfValidation'=>false in my config file. Now it's showing another problem, which is session expired.
I will be grateful if someone can please help.
Thank you so much!
- DenisChenu
- LimeSurvey Community Team
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand, plugin development.
I don't answer to private message.
- rasheed
- Topic Author
- New Member
Unfortunately the iFrame is on another website whose code I don't have access to.
- DenisChenu
- LimeSurvey Community Team
No: you need to update your limesurvey config.php file, not the other website.
> Thank you so much for your feedback.
> Unfortunately the iFrame is on another website which i don't have access to his code.
If you don't have access to your limesurvey config.php, you must ask your hoster.
- rasheed
- Topic Author
- New Member
I modified the config file as you can see below. The survey link still works fine, but when displayed in the iFrame I get the following error:
Internal Server Error
Property "CHttpCookie.samesite" is not defined.
An internal error occurred while the Web server was processing your request. Please contact the webmaster to report this problem.
Here is my current config file:
return array(
    'components' => array(
        'db' => array(
            'connectionString' => 'mysql:host=localhost;port=3306;dbname=xxxx_go;',
            'emulatePrepare' => true,
            'username' => 'xxxxxxx',
            'password' => 'xxxxxx',
            'charset' => 'utf8',
            'tablePrefix' => 'lime_',
        ),
        'session' => array (
            'sessionName'=>'LS-VBXZZORFJZCAKGYI',
            // Uncomment the following lines if you need table-based sessions.
            // Note: Table-based sessions are currently not supported on MSSQL server.
            // 'class' => 'application.core.web.DbHttpSession',
            // 'connectionID' => 'db',
            // 'sessionTableName' => '{{sessions}}',
            'cookieParams' => array(
                'secure' => true,
                'httponly' => true,
                'samesite' => 'None',
            ),
        ),
        'request' => array(
            'enableCsrfValidation'=>true,
            'csrfCookie' => array(
                'samesite' => 'None',
                'secure' => true,
            ),
        ),
        // Uncomment the following line if you need table-based sessions
        // 'session' => array (
        // 'class' => 'system.web.CDbHttpSession',
        // 'connectionID' => 'db',
        // 'sessionTableName' => '{{sessions}}',
        // ),
        'urlManager' => array(
            'urlFormat' => 'get',
            'rules' => require('routes.php'),
            'showScriptName' => true,
        ),
    ),
    // Use the following config variable to set modified optional settings copied from config-defaults.php
    'config'=>array(
        // debug: Set this to 1 if you are looking for errors. If you still get no errors after enabling this
        // then please check your error-logs - either in your hosting provider admin panel or in some /logs directory
        // on your webspace.
        // LimeSurvey developers: Set this to 2 to additionally display STRICT PHP error messages and get full access to standard templates
        'debug'=>0,
        'debugsql'=>0 // Set this to 1 to enable sql logging, only active when debug = 2
    )
);
- DenisChenu
- LimeSurvey Community Team
bugs.limesurvey.org/view.php?id=16769
github.com/LimeSurvey/LimeSurvey/commit/...e910598d942615b1dd0f
github.com/LimeSurvey/LimeSurvey/commit/...9661a5bb5aaf1678069d
- DenisChenu
- LimeSurvey Community Team
'request' => array(
    'enableCsrfValidation'=>true,
    'csrfCookie' => array(
        'sameSite' => 'None',
        'secure' => true,
    ),
),
sameSite
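A way to confirm the outcome of the config change from the response headers, as an added example that is not part of the thread or of LimeSurvey's code: it parses Set-Cookie headers and reports which cookies a current browser would send from a cross-site iFrame (a cookie with no SameSite attribute is treated as Lax, and SameSite=None without Secure is rejected). The header lines are constructed samples with placeholder values; the session cookie name is the one from the config above and YII_CSRF_TOKEN is Yii's default CSRF cookie name.

```python
"""Audit Set-Cookie headers for use inside a cross-site iframe."""

def parse_set_cookie(header):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def iframe_verdict(header):
    """Classify one Set-Cookie header for a third-party (cross-site iframe) request."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if samesite == "none" and secure:
        return name, "sent"
    if samesite == "none":
        return name, "rejected: SameSite=None requires Secure"
    if samesite in ("lax", "strict"):
        return name, "withheld: SameSite=%s" % samesite.capitalize()
    return name, "withheld: SameSite missing or unrecognised, browser defaults to Lax"


def audit(headers):
    """Return {cookie name: verdict} for every header given."""
    return dict(iframe_verdict(h) for h in headers)


# Constructed samples (not captured from the thread's server): a CSRF cookie
# without the attributes, then with 'sameSite' => 'None' and 'secure' => true.
BEFORE = [
    "LS-VBXZZORFJZCAKGYI=abc123; path=/; secure; HttpOnly; SameSite=None",
    "YII_CSRF_TOKEN=def456; path=/",
]
AFTER = [
    "LS-VBXZZORFJZCAKGYI=abc123; path=/; secure; HttpOnly; SameSite=None",
    "YII_CSRF_TOKEN=def456; path=/; secure; SameSite=None",
]

if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        for name, verdict in audit(headers).items():
            print(label, name, verdict)
```

Browsers that block third-party cookies outright can still withhold a cookie this reports as sent.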