CSRF iframe verification failed

Hi - inserted a seatable link into an ifram, but it stopped working, I get the following error:

"Verboten (403)
CSRF-Verifizierung fehlgeschlagen. Anfrage abgebrochen.

Sie sehen Diese Nachricht, da diese Seite einen CSRF-Cookie beim Verarbeiten von Formulardaten benötigt. Dieses Cookie ist aus Sicherheitsgründen notwendig, um sicherzustellen, dass Ihr Webbrowser nicht von Dritten missbraucht wird.

Falls Sie Cookies in Ihren Webbrowser deaktiviert haben, müssen Sie sie mindestens für diese Seite oder für „Same-Origin“-Verbindungen reaktivieren."

I tried Firefox and Chrome with no luck.

This is the Link I used: https://cloud.seatable.io/dtable/view-external-links/custom/***/

Any ideas how to solve this issue?

Greetings Nico

Please note this:

If you need an example for integrating external ilnks in a webpage, have a look at our press page: https://seatable.io/en/presse/

I noticed the thread and I did some research. The iframe link is working, but only if you dont add a password.

I tested it right now:
link without password = working
link with password = error

So I need a password, any chance for getting it work?

Greetings Nico

Hey Nico,

I am sorry but we will not allow password protected views via iframe. We cannot weaken the CSRF checks because this will lower the security of cloud.seatable.io in general.

If you want to keep the password protection, then create an preview-image and link it to the correct url. Or if you don’t want to send the user to cloud.seatable.io then you have to protect your view with another kind of protection like HTTP-Basis Authentification in your webserver or add some code like php or python pending of your website language.

Here is a short link how to use http basic authentication in nginx: Restricting Access with HTTP Basic Authentication | NGINX Plus.
If you have apache use this manual:
Authentication and Authorization - Apache HTTP Server Version 2.4

Best regards
Christoph

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.