Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

remove 401 error for survey inside iframe

  • gtardy
  • gtardy's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 years 9 months ago #185939 by gtardy
I have installed LimeSurvey locally, and now want to show a survey within a frame.
It works fine if the origin is the same, but otherwise shows a 401 error.
I have tried to remove the X-Frame-Options in LimeSurvey's .htaccess file (Header always unset X-Frame-Options), to no avail.

Is there a setting in LimeSurvey that I don't know of ?
How to remove this 401 error ?

FYI, here is the code of my iframe (which works fine if same origin) :

<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8" />
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>MY TITLE</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
<meta name="robots" content="noindex">
<link rel="shortcut icon" href="../img/favicon.ico" />
</head>
<body style="margin: 0; padding: 0;">
<iframe src="MY SURVEY URL" frameborder="0" style="display: block; background: #fff; border: none; height: 100vh; width: 100vw;"></iframe>
</body>
</html>
The topic has been locked.
  • Joffm
  • Joffm's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
4 years 9 months ago - 4 years 9 months ago #185944 by Joffm
Replied by Joffm on topic remove 401 error for survey inside iframe
Hi,
You installed LimeSurvey locally on a XAMPP server?

And what is the meaning of "same origin" vs. "not same origin"?
Sorry, I do not understand that?

Is your survey activated?


Joffm

Volunteers are not paid.
Not because they are worthless, but because they are priceless
Last edit: 4 years 9 months ago by Joffm.
The topic has been locked.
  • gtardy
  • gtardy's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 years 9 months ago #185946 by gtardy
Replied by gtardy on topic remove 401 error for survey inside iframe
I installed LimeSurvey on a Linux (Apache) server, live.
The survey I created is NOT yet activated, so I was only previewing it.

If the iframe is "same origin" as the survey (both are on the same domain), it works.
Then if I move the iframe to a different domain, it fails.
The iframe remains unchanged, with an absolute URL that points to the survey.

The error says :

401: Unauthorized
We are sorry but you don't have permissions to do this.
You must be logged in to access to this page.
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
4 years 9 months ago #185951 by DenisChenu
Replied by DenisChenu on topic remove 401 error for survey inside iframe
Try to activate survey 1st

github.com/LimeSurvey/LimeSurvey/blob/7a...urvey/index.php#L232

Surely a domain issue , then you are not loggued for the iframe.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
  • gtardy
  • gtardy's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 years 9 months ago #185952 by gtardy
Replied by gtardy on topic remove 401 error for survey inside iframe
After I activated the survey, another error arises : clicking on the "Next" button doesn't work !

After clicking, the mouse cursor turns briefly to 'not-allowed', and then reverts back to default, stuck on the same question group.
The topic has been locked.
  • Joffm
  • Joffm's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
4 years 9 months ago #185954 by Joffm
Replied by Joffm on topic remove 401 error for survey inside iframe
Therefore I asked you, if it is activated.

Well, without knowing anything about your environment, every answer is only a guess.

I just tested with your HTML and a survey on a different domain - no problem at all.

BTW: What happens if you call the LimeSurvey page " www.limesurvey.org "?

Joffm

Volunteers are not paid.
Not because they are worthless, but because they are priceless
The topic has been locked.
  • gtardy
  • gtardy's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 years 9 months ago #185956 by gtardy
Replied by gtardy on topic remove 401 error for survey inside iframe
Please find here the iframe'd and activated survey :

[ iframe'd and same domain -> pressing on 'Next' results in PHP Error [500] Undefined offset: -1 ]
lifestooeasy.com/home/fr/survey_in_frame

[ iframe'd and different domain -> clicking on the "Next" button doesn't work at all ]
pilierpublic.com/fr/survey_in_frame

[ original survey -> works fine ]
lifestooeasy.com/survey/index.php/867832?lang=fr
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
4 years 9 months ago #185958 by DenisChenu
Replied by DenisChenu on topic remove 401 error for survey inside iframe
The best is to have same domain for iframe …

Else there are always error because Browser security disable this.
stackoverflow.com/questions/2117248/sett...ame-different-domain

But with my current Firefox it work on pilierpublic.com/fr/survey_in_frame


Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
  • Joffm
  • Joffm's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
4 years 9 months ago #185959 by Joffm
Replied by Joffm on topic remove 401 error for survey inside iframe
Hi,

I only could test your first URL, where you said "pressing on 'Next' results in PHP Error [500] Undefined offset: -1 ]"
But look, I am at the end:


For the others I get the message that I already completed the questionnaire "Vous avez déjà complété ce questionnaire".
(Did you set the IP check?)

Joffm

Volunteers are not paid.
Not because they are worthless, but because they are priceless
The topic has been locked.
  • gtardy
  • gtardy's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 years 9 months ago #185962 by gtardy
Replied by gtardy on topic remove 401 error for survey inside iframe
Thank you all for your help.

At this point I am convinced that running the iframe from a different domain won't work because of the cookies being used by LimeSurvey.
While annoying, this isn't critical for me and thus I shall run the survey from the same domain.

Joffm : yes, I had enabled IP check (an oversight considering the test being run)

There is probably a bug report to be filed, because application/config/config-defaults.php contains a string that is supposed to enable what I was looking for :

/**
* Sets if any part of LimeSUrvey may be embedded in an iframe
* Valid values are allow, sameorigin
* Default: allow
* Recommended: sameorigin
* Using 'deny' is currently not supported as it will disable the theme editor preview and probably file upload.
*/
$config = 'allow';

To be sure, I also tried optional settings ( manual.limesurvey.org/Optional_settings ), adding to config.php :

// Set the domain for cookie
'session'=>array(
'cookieParams'=>array(
'domain'=>'.pilierpublic.com',
),
),

That didn't change a thing. As before, cookies are being set on the other domain, as if the aforementioned settings was completely ignored.

For the future, it would be nice to offer an option that replaces cookies with URL query GET parameters (when in an iframe, these won't be seen by the user anyway) and a form's POST parameters.
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
4 years 9 months ago #185963 by DenisChenu
Replied by DenisChenu on topic remove 401 error for survey inside iframe
@Joffm and me can goes to the survey on 2 different domain …

My firefox is the last one with support.mozilla.org/en-US/kb/content-blocking at strict + ublock origin + Privacy badger.

Then if you have an issue : it's your old browser who don't understand Cross domain policy : developer.mozilla.org/en-US/docs/Web/HTTP/CORS

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
  • gtardy
  • gtardy's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
4 years 9 months ago #185964 by gtardy
Replied by gtardy on topic remove 401 error for survey inside iframe
For the record, I ran all my tests with the latest version of Chrome.
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose