Embedded Laravel App In Iframe, Give 302 Error On Login
I'm trying to use the Laravel app in some other domain within iframe.
I had written a FrameMiddleware in which I have allowed that domain in the header
public function handle(Request $request, Closure $next)
{
$response = $next($request);
$response->header('Content-Security-Policy', 'frame-ancestors http://localhost');
return $response;
}
and by using the above middleware cors origin error removed.
As my Laravel app needs authentication from the iframe. and it's using form submission, not API. Then it starts to give a
419 error. I resolved by adding a login route in VerifyCsrfToken Middleware $except array for excluding csrf error.
then I check network and the post request for login give 302 error
I tested the authentication method and authenticated user object is returning with Dashboard page redirect and then 302 error code shown.
Moreover, I had set same_site => null in config/session.php but still not working.
As @apokryfos said, I need to set the cookie to be secure and set SameSite=None.
Goto : config/session.php
set:
'same_site' => 'none' and 'secure' => env('SESSION_SECURE_COOKIE', true) OR by setting SESSION_SECURE_COOKIE = true in .env file.
and don't forget to create FrameMiddleware as you can follow-my-question-thread and white_labeled the domain i.e http://localhost in which you are embedding iframe.
Note: you can verify cookies are secured or not along with SameSite=Null by using browser dev-tools as shown in the below image:
- Build a string by repeating a character N times
- Validate an array as "empty" if it has no elements or if all elements have no length
- phpunit runs test twice - gets two answers. Why?
- How can I make Laravel return a custom error for a JSON REST API
- regex for checking URL's wildcard for both subdomain and top level domain?
- Use Simple HTML Dom to parse HTML and generate an array of href values and plain text
- Generate an array of href strings from all <a> tags in an HTML document using Simple HTML DOM Parser
- Making POST application/json request with file_get_contents
- Woocommerce add to cart button redirect to checkout
- PHP form send email to multiple recipients
- How to loop over json-encoded data?
- Fill array with numbers adding up to a nominated total without exceeding item maximum
- Iterate over all last-day-of-the-month dates in a year
- Generate an associative 2d array with incremented column values using a flat array as first level keys
- Debug a single PHP file with $_GET parameters in NetBeans/Eclipse/PHPstorm (AJAX API)
- Put Values in Multidimensional Array keys
- Laravel queued jobs processed immediately even with a delay
- Error when calling function it self, VCS say="undefined function"
- How to truncate number 3 decimals
- PHP - How to get OAuth 2.0 Token
- Consume API endpoint from Laravel + Inertia App
- Generate real US street addresses for Selenium RC script
- Hour difference between 2 DateTime objects in Decimal Format
- Php update database if checkbox is not checked
- Group data from lines of a log file by one column and create subarrays from another column
- Use values of a flat array as the keys in every row of a 2d array
- Redis keys are not expiring - Laravel, Predis
- WooCommerce order status hook not triggering
- Execute a function on each element of an array
- Group a 2d array by year-month of a date column, add column of counts and create a subarray from a column of ids in each group