Notifications
Clear all

Getting Error "CSRF token mismatch! We tried it, but failed when requesting data to the server."

4 Posts
2 Users
0 Reactions
1,095 Views
Posts: 2
Topic starter
(@mbreti3gut)
New Member
Joined: 4 years ago

Hi,

I want to iFrame my own external website into my main Wordpress membership site. The iframe shows the login page of that website, even I have an active login session on my browser. When I try to login into it, it shows an error saying "CSRF token mismatch! We tried it, but failed when requesting data to the server."

Can you please show me the full workaround how to bypass all this? Perfectly would be to autologin into the dashboard of that website to avoid double login.

 

Thank you in advance!

3 Replies
TinyWebGallery
Posts: 925
Admin
(@admin)
Prominent Member
Joined: 16 years ago

I assume you have a cookie issue here. In the iframe you need secure + SameSite=None cookies. Can you check if this is the case. Press F12 - the browser console will tell you if you have this issue. 

A possible solution can be found here: https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/how-to-use-the-samesite-cookie-fix

Part of it is in my next release. Part you can do also n your .htaccess or by fixing your code.

Autologin has nothing to do with the iframe. Thi you have to implement by yourself.

Best regards, Michael

Reply
Posts: 2
Topic starter
(@mbreti3gut)
New Member
Joined: 4 years ago

Let me explain a little more:

 

I have my WP membership site:

example1.com

 

I have another WP site:

example2.com

 

And I have a nonWP site:

app.example2.com as a (subdomain of example2.com)

 

Now, I want to embed the app.example2.com into both websites. On example2.com it works perfectly, but on example1.com it shows that error. I think it has to do something about that it is an external domain. 

Reply
TinyWebGallery
Posts: 925
Admin
(@admin)
Prominent Member
Joined: 16 years ago

Check my last post. Have you checked the browser console? Different domains can always be a cookie issue...

Best regards, Michael

Reply