iframe yii2 cross-domain csrf csrf-token

Yii2 Bad Request 400 - Unable to login from iframe on another domain

I am using iframe on domain1.com And the yii2 web app is on domain2.com

I am have passed domain.com url in the src of iframe on domain1.com and use this in the yii2 Access-Control-Allow-Origin: * to enable cors

I can login on domain2.com but it throws bad request 400 error if I try logging in through iframe on domain1.com

Any help would be really appreciated

Solution

Here is the answer to my question, I solved the problem

Change the PHP version to >7.3
Go into the config/web.php for basic app or config/main.php
Add this: 'httpOnly' => true, 'secure' => true, 'samesite' => 'None' in _csrf param for request block and _identity cookie in the user block

Using this you would be able to log into the domain1.com and domain2.com using same session on both the domains if the site is in iframe in the domain1.com

How to listen iframe keydown event with ReactJS
SecurityError: Blocked a frame with origin from accessing a cross-origin frame
EventListener won't work in iframe but works outside of it
Safely embedding YouTube video in a div of a web page
How to move an iFrame in the DOM without losing its state?
OAuth not working inside an iframe
Change iframe to basic HTML <form> code
What’s the best way to reload / refresh an iframe?
Adjust Iframe height every time the content changes
Java ZK pass parameter from iframe to ZUL different servers
in Chrome devtools source tab, what is cd_iframe_id attribute?
disabling blackbars on youtube embed iFrame
Make iframe automatically adjust height according to the contents without using scrollbar?
What is window.origin?
Is it possible to sandbox web components?
Print whole HTML page including pdf file inside iframe
How do I set content of iframe with Javascript?
How do I create an iframe element and set the HTML of it dynamically?
How to click on "Verify you are human" checkbox challenge by cloudflare using Selenium
Why are iframes considered dangerous and a security risk?
How do I hide related videos at the end of a YouTube playlist embed code?
Video keeps playing after closing modal
how to embed html iframe on Python tkinter app
Moodle iframe activity lesson completion event
getElementById outside of iframe
How to identify if a webpage is being loaded inside an iframe or directly into the browser window?
Full Page <iframe>
iframe body remove space
Iframe doesn't work in kolkov angular editor
Delay load of iframe?