Error 400 CSRF token

4 months 3 weeks ago #231692 by tvalades
Please help us help you and fill where relevant:
Your LimeSurvey version: 5.3.29
Own server or LimeSurvey hosting: Own server
Survey theme/template: personalizado_bootswatch
==================
Hello, since last week we have been having problems with a survey that we display through an iframe on another domain.
The error (image attached) appears in the Safari browser and in incognito windows in both Chrome and Safari: https://ibb.co/cvWhc9n. In Chrome browsers it is displayed correctly.

We activated the options 'Embedded IFrames are allowed' and 'Force HTTPS' in the Security section of the global settings and added the following code:

        'session' => array (
            'sessionName'=>'LS-VBXZZORFJZCAKGYI',
            // Uncomment the following lines if you need table-based sessions.
            // Note: Table-based sessions are currently not supported on MSSQL server.
            // 'class' => 'application.core.web.DbHttpSession',
            // 'connectionID' => 'db',
            // 'sessionTableName' => '{{sessions}}',
            'cookieParams' => array(
                'secure' => true,
                'httponly' => true,
                'samesite' => 'None',
            ),
        ),

        'request' => array(
            'enableCsrfValidation'=>true,
            'csrfCookie' => array(
                'sameSite' => 'None',
                'secure' => true,
            ),
        ),

Which we saw in the manual

We don't know what else to do.

Thanks for the help

4 months 3 weeks ago #231701 by jelo
Replied by jelo on topic Error 400 CSRF token
Sorry, this is the English section of the LimeSurvey forum. Perhaps someone can move it to the Spanish section.

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users

4 months 3 weeks ago #231702 by Joffm
Replied by Joffm on topic Error 400 CSRF token
Hi,
this is the English part of the forum.
So, please write English or use the Spanish part.

This is the English part of the forum.
Please write in English or write in the Spanish part.

 


Volunteers are not paid.
Not because they are worthless, but because they are priceless

4 months 3 weeks ago #231705 by tvalades
Replied by tvalades on topic Error 400 CSRF token
I'm sorry, I thought I was in the Spanish forum :D
Since last week we are having problems with a survey that we display through an iframe on another domain.
The error (attached image) appears in the Safari browser and in incognito windows in both Chrome and Safari: https://ibb.co/cvWhc9n. In Chrome browsers it is displayed correctly.

We activate the option 'Embedded IFrames are allowed' and 'Force HTTPS' in the Security section of the global configuration and add the following code:

        'session' => array (
            'sessionName'=>'LS-VBXZZORFJZCAKGYI',
            // Uncomment the following lines if you need table-based sessions.
            // Note: Table-based sessions are currently not supported on MSSQL server.
            // 'class' => 'application.core.web.DbHttpSession',
            // 'connectionID' => 'db',
            // 'sessionTableName' => '{{sessions}}',
            'cookieParams' => array(
                'secure' => true,
                'httponly' => true,
                'samesite' => 'None',
            ),
        ),

        'request' => array(
            'enableCsrfValidation'=>true,
            'csrfCookie' => array(
                'sameSite' => 'None',
                'secure' => true,
            ),
        ),

Which we saw in the manual

We don't know what else to do.

Thanks for the help

2 months 3 weeks ago #233440 by DenisChenu
Replied by DenisChenu on topic Error 400 CSRF token
Did you check Global settings / Security?

Maybe you have another part forcing CSP
developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Check your header.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand, plugin development.
I don't answer to private message.
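
The header check suggested in the reply above, combined with the cookie attributes from the posted config, as an added example that is not part of the thread or of LimeSurvey. It audits one response's headers for values that stop a survey working inside a cross-site iframe; the sample headers are constructed, `YII_CSRF_TOKEN` is assumed to be the CSRF cookie name (the Yii 1.1 default), and `frame-ancestors` matching is simplified to an exact origin or `*`.

```python
# Constructed sample response headers; YII_CSRF_TOKEN is an assumed cookie name (Yii 1.1 default).
SAMPLE = """\
Content-Security-Policy: default-src 'self'; frame-ancestors 'self'
Set-Cookie: LS-VBXZZORFJZCAKGYI=abc123; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: YII_CSRF_TOKEN=def456; path=/; SameSite=Lax
"""

def parse_headers(raw):
    """Split a raw header block into (lowercased name, value) pairs."""
    lines = (l.partition(":") for l in raw.strip().splitlines())
    return [(n.strip().lower(), v.strip()) for n, sep, v in lines if sep]

def cookie_findings(set_cookie):
    """Flag a cookie that a browser will not send from a cross-site iframe."""
    name = set_cookie.split("=", 1)[0].strip()
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        attrs[key.lower()] = val.strip()
    out = []
    if attrs.get("samesite", "").lower() != "none":
        out.append(f"{name}: SameSite={attrs.get('samesite') or 'unset'}, withheld in a cross-site iframe")
    if "secure" not in attrs:
        out.append(f"{name}: missing Secure, which SameSite=None requires")
    return out

def framing_findings(headers, embedder):
    """Flag X-Frame-Options / CSP frame-ancestors values that exclude the embedding origin."""
    out = []
    for name, value in headers:
        if name == "x-frame-options" and value.upper() in ("DENY", "SAMEORIGIN"):
            out.append(f"X-Frame-Options: {value} blocks framing by {embedder}")
        elif name == "content-security-policy":
            for directive in value.split(";"):
                words = directive.split()
                if words and words[0].lower() == "frame-ancestors" \
                        and not {embedder, "*"} & set(words[1:]):
                    out.append(f"CSP frame-ancestors does not list {embedder}")
    return out

def audit(raw, embedder):
    """Return all findings for one response; an empty list means these checks found nothing."""
    headers = parse_headers(raw)
    findings = framing_findings(headers, embedder)
    for name, value in headers:
        if name == "set-cookie":
            findings += cookie_findings(value)
    return findings
```

Call `audit(SAMPLE, "https://portal.example")`, replacing the placeholder origin with that of the page hosting the iframe. A clean result does not cover browsers that block third-party cookies outright, which these headers cannot override.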
