Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

BUG in config.php, cross-domain cookies don't work

  • gtardy
  • gtardy's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 years 9 months ago #185967 by gtardy
There is a problem when the survey runs through an iframe :
www.domain-b.com/survey.html
contains an iframe that points to...
www.domain-a.com/survey/index.php/123456?lang=fr

Indeed, in test mode this results in a 401 error, and when live the survey's Next button doesn't work.

application/config/config-defaults.php contains a string that is supposed to enable what I was looking for :

/**
* Sets if any part of LimeSUrvey may be embedded in an iframe
* Valid values are allow, sameorigin
* Default: allow
* Recommended: sameorigin
* Using 'deny' is currently not supported as it will disable the theme editor preview and probably file upload.
*/
$config = 'allow';

I also tried to add an optional setting ( manual.limesurvey.org/Optional_settings ) to config.php :

// Set the domain for cookie
'session'=>array(
'cookieParams'=>array(
'domain'=>'.domain-b.com',
),
),

That didn't change a thing. As before, cookies are being set on the other domain.
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
4 years 9 months ago #185973 by DenisChenu
1. It work for 2 user here
2. Bug report must be done at our mantis : www.limesurvey.org/community/bug-tracker
3. Cross domain policy are on GUI : manual.limesurvey.org/Global_settings#Security

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose