Jump to content
  • 0

iframe works in Firefox, not Chrome


Question

Hello all!

I have a wiki (Mediawiki v1.35.1) that works when unframed – that is, when not embedded as an iframe.


When iframed, the wiki login form:

…works with:

  • Firefox, 85.0 Linux
  • Firefox, 86.0 Windows

…and does NOT work with:

  • Chrome, 89.0 Windows

 

“Not working” means authentication is blocked and this error is displayed:

There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Please resubmit the form."

I suspect clickjacking defenses are involved.

My Apache (v2.4.6) headers:

Header set Access-Control-Allow-Origin "*"
Header set Content-Security-Policy "frame-ancestors 'self' *.shotgunstudio.com"
Header unset X-Frame-Options

shotgunstudio.com is the embedding domain. Both my wiki and shotgunstudio have valid SSL.

My wiki LocalSettings.php settings:

$wgEditPageFrameOptions = false;
$wgApiFrameOptions =false;
$wgCookiePrefix = "wiki";
$wgBreakFrames = false;


I am especially puzzled by the difference between Firefox and Chrome.


Any ideas on how to fix this?


Sincerely,

Wellington

Link to post
Share on other sites

1 answer to this question

Recommended Posts

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.