
embed CAS in iframe #398

Open
Thatoo opened this issue Aug 25, 2023 · 5 comments
Thatoo commented Aug 25, 2023

Would it be possible to configure headers to CAS to be embedded in an iframe?
The idea is to be able to authenticate by CAS to synapse from riotchat (Element for Nextcloud) without the need to open an other window and make the user feel lost.

Thatoo commented Aug 27, 2023

Here is the screenshot that explains it well:

image

It would be nice if we didn't need to open the CAS acceptance in a new window, but it would just display in the iframe, and after clicking on accept it would go back to Element in the iframe.

Josue-T commented Aug 27, 2023

Well,

I think it's probably an nginx header issue, but I don't really know where. Can you check with the browser debug tools if there are some errors/warnings?

Thatoo commented Aug 27, 2023

Le cookie « PHPSESSID » n’a pas de valeur d’attribut « SameSite » appropriée. Bientôt, les cookies dont l’attribut « SameSite » est manquant ou défini avec une valeur invalide seront traités comme « Lax ». Cela signifie que le cookie ne sera plus envoyé dans des contextes tiers. Si votre application dépend de la disponibilité de ce cookie dans de tels contextes, veuillez lui ajouter l’attribut « SameSite=None ». Pour en savoir plus sur l’attribut « SameSite », consultez https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
[login](https://matrix.MYDOMAIN.COM/_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.MYDOMAIN.COM%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fnextcloud.yunomatcloud.hamdel.in%252Fapps%252Friotchat%252Friot%252F%2523%252F)


Le chargement de « https://matrix.MYDOMAIN.COM/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fnextcloud.MYDOMAIN.COM%2Fapps%2Friotchat%2Friot%2F%23%2F&ticket=d7f402554717139bfd8ff396c9c2c231b9ce42eef1345b45a5be8541270ae89f93f2eebf41804751e8eeee90fa8e23a3a343 » dans un cadre est refusé par la directive « X-Frame-Options » définie à « SAMEORIGIN ».
[ticket](https://matrix.MYDOMAIN.COM/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fnextcloud.MYDOMAIN.COM%2Fapps%2Friotchat%2Friot%2F%23%2F&ticket=d7f402554717139bfd8ff396c9c2c231b9ce42eef1345b45a5be8541270ae89f93f2eebf41804751e8eeee90fa8e23a3a343)


This error page has no error code in its security info [aboutNetError.js:570:13](chrome://browser/content/certerror/aboutNetError.js)


Uncaught DOMException: Permission denied to access property "document" on cross-origin object [main.js:2](https://nextcloud.MYDOMAIN.COM/apps/riotchat/js/main.js?v=4a98364a-0)
    i main.js:45

Thatoo commented Aug 27, 2023

nextcloud.MYDOMAIN.COM is different from matrix.MYDOMAIN.COM, so indeed « X-Frame-Options » définie à « SAMEORIGIN » is providing it.

Not sure it's possible to make an exception in nginx though...

Thatoo commented Aug 28, 2023

Interesting...
I face the exact same issue, but reversed, trying to add the Nextcloud calendar as a widget into a Matrix room.
Apparently this « X-Frame-Options » defined as « SAMEORIGIN » in nginx for matrix and nextcloud is kind of bothering.
Isn't it too restrictive?
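The two console messages quoted earlier in the thread come from two separate browser checks: the framing check (`X-Frame-Options`, or `Content-Security-Policy: frame-ancestors` when present, which takes precedence) and the cookie check (`SameSite`). The script below is an added example, not code from this issue, from Synapse or from the YunoHost package; it models those two checks so you can see, for a given pair of origins, why the CAS page is refused in the iframe and why `PHPSESSID` would not be sent in a third-party context, and what the headers would have to look like to allow exactly the Nextcloud origin and nothing else. The header sets, hostnames (`matrix.MYDOMAIN.COM`, `nextcloud.MYDOMAIN.COM`), and the session id are constructed sample values; the matching logic is a simplified version of the browser rules, not a complete CSP parser.

```python
"""Model the browser checks behind the two console messages in the issue:
the X-Frame-Options / frame-ancestors refusal and the SameSite cookie warning.

Added example: not part of the issue, Synapse, or the YunoHost package.
All URLs, headers and cookie values below are constructed for illustration.
"""
from urllib.parse import urlsplit

# Constructed sample: the CAS login page served by the Matrix host, embedded
# by the Nextcloud host (the situation described in the thread).
PAGE = "https://matrix.MYDOMAIN.COM/_matrix/cas_server.php/login"
EMBEDDER = "https://nextcloud.MYDOMAIN.COM/apps/riotchat/riot/"

# Constructed headers matching the console messages: SAMEORIGIN framing policy
# and a session cookie without any SameSite attribute.
CURRENT_HEADERS = {
    "X-Frame-Options": "SAMEORIGIN",
    "Set-Cookie": "PHPSESSID=constructed-session-id; Path=/; HttpOnly",
}

# Constructed alternative: allow framing only from the Nextcloud origin, and
# mark the cookie so browsers will send it in that cross-site iframe context.
ALLOWLISTED_HEADERS = {
    "Content-Security-Policy": "frame-ancestors 'self' https://nextcloud.MYDOMAIN.COM",
    "Set-Cookie": "PHPSESSID=constructed-session-id; Path=/; HttpOnly; Secure; SameSite=None",
}


def origin_of(url: str) -> str:
    """Return scheme://host[:port] for a URL, dropping default ports."""
    p = urlsplit(url)
    default = {"https": 443, "http": 80}.get(p.scheme)
    if p.port is None or p.port == default:
        return f"{p.scheme}://{p.hostname}"
    return f"{p.scheme}://{p.hostname}:{p.port}"


def _csp_directive(csp: str, name: str):
    """Return the source list of one CSP directive, or None if absent."""
    for part in csp.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() == name:
            return tokens[1:]
    return None


def _source_matches(source: str, origin: str, page_origin: str) -> bool:
    """Simplified frame-ancestors source matching ('self', 'none', *, scheme:, host)."""
    s = source.lower()
    if s == "'none'":
        return False
    if s == "'self'":
        return origin == page_origin
    if s == "*":
        return True
    if s.endswith(":") and "/" not in s:          # scheme-source, e.g. https:
        return origin.startswith(s + "//")
    scheme, _, host = s.partition("://")
    if not host:                                  # bare host-source, any scheme
        scheme, host = None, scheme
    o_scheme, _, o_host = origin.partition("://")
    if scheme and scheme != o_scheme:
        return False
    if host.startswith("*."):
        return o_host.endswith(host[1:])
    return o_host == host


def framing_allowed(headers: dict, page_url: str, embedder_url: str):
    """Decide whether embedder_url may put page_url in an iframe; returns (bool, reason)."""
    page_origin, embedder = origin_of(page_url), origin_of(embedder_url)
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy")
    if csp:
        sources = _csp_directive(csp, "frame-ancestors")
        if sources is not None:  # frame-ancestors overrides X-Frame-Options
            ok = any(_source_matches(s, embedder, page_origin) for s in sources)
            return ok, "frame-ancestors " + " ".join(sources)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False, "X-Frame-Options: DENY"
    if xfo == "SAMEORIGIN":
        return embedder == page_origin, "X-Frame-Options: SAMEORIGIN"
    return True, "no framing restriction"


def cookie_sent_cross_site(set_cookie: str, page_url: str):
    """Would this cookie accompany a request made from a third-party (cross-site) context?"""
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        k, _, v = part.strip().partition("=")
        attrs[k.lower()] = v.lower()
    samesite = attrs.get("samesite")
    if samesite == "none":
        if "secure" in attrs and urlsplit(page_url).scheme == "https":
            return True, "SameSite=None; Secure"
        return False, "SameSite=None without Secure is rejected by browsers"
    if samesite in ("lax", "strict"):
        return False, f"SameSite={samesite.capitalize()}"
    return False, "SameSite missing, treated as Lax"


if __name__ == "__main__":
    for label, hdrs in (("current", CURRENT_HEADERS), ("allowlisted", ALLOWLISTED_HEADERS)):
        print(label, "framing:", framing_allowed(hdrs, PAGE, EMBEDDER))
        print(label, "cookie :", cookie_sent_cross_site(hdrs["Set-Cookie"], PAGE))
```

Two points worth keeping in mind when turning this into an nginx change: `X-Frame-Options` has no way to name another origin (its old `ALLOW-FROM` value is obsolete), so the narrow answer to "isn't SAMEORIGIN too restrictive?" is to keep the default and add a `Content-Security-Policy: frame-ancestors` allowlist naming only the Nextcloud origin, rather than dropping the header; and the `PHPSESSID` cookie also needs `SameSite=None; Secure` or the CAS session will not be visible inside the iframe even once framing is allowed. Both changes widen the page's exposure to clickjacking and cross-site requests from the origins you list, which is why the list should contain exactly the embedding host and nothing broader.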
