iFrame login fails

karios

I am having trouble with using osTicket in an iFrame.
I've set the content-security-policy to include the "host" domain (where the iFrame is)
I've installed an SSL certificate on the osTicket webserver so both the "host" domain the the osTicket one are https.
I've added the "host" domain on Allow System iFrame setting in the General Settings

The osTicket appears fine but I cannot login. In the Dashboard>System Logs I am getting a "Invalid CSRF token" error.

If I go to the osTicket webserver directly, eveything works fine. It's just through the iFrame that login does not work.
Any ideas?

KevinTheJedi

karios

Post screenshot of Admin Panel > Dashboard > Information.

Cheers.

karios

Here you are.

KevinTheJedi

karios

So this is applied for you?

https://github.com/osTicket/osTicket/pull/6796

If so, what exactly happens during auth via iFrame? Exact errors and any other debug information is needed.

Cheers.

karios

It probably does, although this also does not include details so I can verify it's the same. It feels like it's the same though.
So this ticket was opened last year with no news?
On the browser side, I am getting no errors when trying to login as a user (just goes back to welcome screen). When I try to login as agent, I get only 3 Blocked autofocusing on an input element in a cross-origin subframe messages.

If I check the logs, I see the Invalid CSRF Token errors.

KevinTheJedi

karios

There should be some form of error if it's blocking/redirecting. Check to see if your CSP headers are to blame (specifically frame-ancestors, frame-src, and default-src).

Cheers.