Problem embedding to WordPress with CSRF token

More
5 months 2 weeks ago - 5 months 2 weeks ago #231075 by fliqper
LimeSurvey version: LimeSurvey Cloud /// Version 5.3.29
LimeSurvey hosting, well cloud
Survey theme/template: vanilla /// admin theme: bay of many
==================
Hail to you Limesurvey champions !
I am working for the ASC, striving for sustainable and responsible Aquaculture around the world.
Briefly the problem is I am trying to find config.php on our Limesurvey Cloud, but I do not know even where to look for it or if there is one for our version.

Explanation below:

I am a data engineer and work mainly with Python and SQL, never heard of Limesurvey before, therefore I am sorry if my question is silly.

We are trying to embed one of our surveys in our WordPress website.
I added the survey link to in iFrame and used it to embed in the site with the custom HTML block, it worked but nothing was displayed.
Then I found that setting in Global settings and enabled embedding, which enabled the survey to load its starting page on our website.
BUT when I press Next to start filling the survey, here is what comes in 
 bang on>>>
400: Bad RequestThe CSRF token could not be verified.The request could not be understood by the server due to malformed syntax. Please do not repeat the request without modifications.>>>

So I did a bit of googling for that CSRF token and found out that we need to add some code inside config.php
Here is the article which explains it

manual.limesurvey.org/Optional_settings#....28New_in_3.24.3_.29




Allow session start in iframeThe session need to be secure (valid https) , httponly and samesite to None. All settings must be sent all lowercase.

'session' => array (
'sessionName'=>'LS-VBXZZORFJZCAKGYI',
// Uncomment the following lines if you need table-based sessions.
// Note: Table-based sessions are currently not supported on MSSQL server.
// 'class' => 'application.core.web.DbHttpSession',
// 'connectionID' => 'db',
// 'sessionTableName' => '{{sessions}}',
'cookieParams' => array(
'secure' => true,
'httponly' => true,
'samesite' => 'None',
),
),


Allow csrf cookie in iframeSame than session: must be secure and samesite to None. Whole array must be added at same level than session


'request' => array(
'enableCsrfValidation'=>true,
'csrfCookie' => array(
'sameSite' => 'None',
'secure' => true,
),
),


The problem is that I cannot find this config.php file anywhere, honestly I do not even know where to look.

Please can you help?



 
Last edit: 5 months 2 weeks ago by fliqper.

Please Log in to join the conversation.

More
5 months 2 weeks ago #231078 by jelo
I'm not aware that LimeSurveyCloud users can change the config.php on their own.
There is no filesystem access exposed to do that.
As a customer you can contact the LimeSurvey support directly.

Most forums members which often answers posts here don't use the LimeSurveyCloud often.

Did you already allow IFRAME embedding in the settings available via the web?
manual.limesurvey.org/Global_settings#Security
With the tighter rules, modern browsers have in place, it's often not enough.

So open a supportticket with the changes you want to have applied to config.php.

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The following user(s) said Thank You: fliqper

Please Log in to join the conversation.

More
5 months 2 weeks ago #231080 by fliqper
Hello Jelo,
thank you so much for the reply.

I did enable IFRAME from the GUI settings yes. It is in Global>Security...

Could you send a link to where we open a support ticket, sorry I am super new to this platform.

Many thanks again!

Please Log in to join the conversation.

More
5 months 2 weeks ago #231083 by jelo
Try account.limesurvey.org/ with your forum credentials.
The support links are in the menu.

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The following user(s) said Thank You: fliqper

Please Log in to join the conversation.

More
5 months 2 weeks ago #231084 by fliqper
Thank you ever so much and have a lovely day !

Please Log in to join the conversation.

More
4 months 2 weeks ago #231776 by tvalades
did you solve the problem? I'm having the same problem but it only happens with safari. I have activated the iframe option in limesurvey and entered the code that marks the manual. In chrome I have no problem but in safari I get the error when I give the following

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now