Embed/iFrame ticket form in external site

JuVDC

I am curious! Has anyone embedded the ticket form on an external site? How does it work? Any tips and tricks to share?

KevinTheJedi

You can either include the site as an iFrame on your site which basically displays the entire site within your site (Client Portal, Agent Panel, etc.). I will say there is currently a bug with authentication within the iFrame (session samesite issue) which will be patched next release (coming soon).

Or you could mimic the forms, help topics, etc. (whatever you want) on your site and call the API to create a Ticket when they submit the form. The API gives you the Ticket number back in the response if successful or errors on failure. So you could take that number and make your own thank you message/page on your site. You could also map the errors based on field name, etc. to display on your site’s form on failure.

References:

Cheers.

ntozier

There used to be a Wordpress Plugin that did something like that... but I never tried it

nminaker

KevinTheJedi Is there a way to resolve this issue at the moment before the next release?

KevinTheJedi

nminaker

I don’t have an official pull for it yet. I can post a patch later though.

Cheers.

nminaker

KevinTheJedi That'd be great! Thank you.

KevinTheJedi

nminaker

This should be it:

diff --git a/include/class.ostsession.php b/include/class.ostsession.php
index 66f786585..9b8fa1fcc 100644
--- a/include/class.ostsession.php
+++ b/include/class.ostsession.php
@@ -256,13 +256,19 @@ class osTicketSession {
     }
 
     static function renewCookie($baseTime=false, $window=false) {
+        global $ost;
+
         $ttl = $window ?: SESSION_TTL;
         $expire = ($baseTime ?: time()) + $ttl;
-        setcookie(session_name(), session_id(), $expire,
-            ini_get('session.cookie_path'),
-            ini_get('session.cookie_domain'),
-            ini_get('session.cookie_secure'),
-            ini_get('session.cookie_httponly'));
+        $opts = [
+            'expires' => $expire,
+            'path' => ini_get('session.cookie_path'),
+            'domain' => ini_get('session.cookie_domain'),
+            'secure' => ini_get('session.cookie_secure'),
+            'httponly' => ini_get('session.cookie_httponly'),
+            'samesite' => !empty($ost->getConfig()->getAllowIframes()) ? 'None' : 'Strict'
+        ];
+        setcookie(session_name(), session_id(), $opts);
         // Trigger expire update - neeed for secondary handlers that only
         // log new sessions
          self::expire(session_id(), $ttl);

Disclaimer:
There is no official pull request for this yet. The above changes have not been reviewed nor approved. If you decide to deploy these changes you will do so at your own risk. It's always best practice to take full backups before making any changes to the codebase and/or database. Good luck.

Cheers.

nminaker

KevinTheJedi Thank you! That seemed to work, but for some reason I had to remove the URLs in the Allow System iFrame field. With nothing in it, it works, but when I had URLs in there, it didn't.

Thank you!

Nicholas

KevinTheJedi

nminaker

That’s specifically what the patch fixes.

Cheers.