View Issue Details

This bug affects 1 person(s).
ID: 09634
Project: Feature requests
Category: Survey taking
View Status: public
Last Update: 2015-05-15 12:57
Reporter: DenisChenu
Assigned To: DenisChenu
Priority: normal
Severity: feature
Status: closed
Resolution: suspended
Summary: 09634: A way to allow iframe survey with different domain
Description

In 2.06, using this config:
'session' => array(
    'cookieMode'=>'none',
    'useTransparentSessionID'=>true,
),

allows an iframe survey with a different domain. PHPSESSID is set in a POST or GET value according to the PHP system.

BUT:

  • This doesn't work on 2.05
  • This disallows access to the admin part

Additional Information

I have an idea to set useTransparentSessionID to true only for the public survey part, in a plugin. Then maybe nothing is needed.
But here:

  • does anyone have an idea why it doesn't work on 2.05?
  • does anyone have an idea why it doesn't work in admin, and DO we need to fix it or not?

The config array is only accessible by a real admin user, so it's not a major breaking issue. The user chooses to break some security rules; we can alert in the manual.

Another way is to update LS core to allow these settings and use more control on the session. We already have CSRF, this gives some more security, but is more needed?

Tags: No tags attached.
Bug heat: 2

Activities

DenisChenu

2015-05-15 12:57

developer   ~32209

Oops ...

'session' => array(
    'cookieMode'=>'none',
    'useTransparentSessionID'=>true,
),
'request' => array(
    'enableCsrfValidation'=>false,
),

Does the trick in 2.05 and 2.06. Admin is still inaccessible, BUT: a different domain can be used, and updating the config according to the domain is possible too.

If needed: I'll update the manual when I find some time (I didn't explain the way to have 2 domains).
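
The last point of the note, applying the relaxed session and CSRF settings only on the domain that serves framed surveys, could look like the sketch below. It is an added example, not part of the original issue or of LimeSurvey's code; the host name, the function name sessionComponentsForHost and the placement in application/config/config.php are assumptions.

```php
<?php
// Added example: per-domain session settings for a Yii 1.1 style config file.
// 'surveys.example.org' is a constructed placeholder host.

/**
 * Return component overrides for the requesting host.
 * Only hosts on the exact-match list get the settings from the issue;
 * any other host (for example the one used for the admin part) gets no
 * override, so the application defaults (cookie sessions, CSRF) stay active.
 */
function sessionComponentsForHost($host)
{
    // Hypothetical hosts dedicated to surveys framed by another domain.
    $iframeHosts = array('surveys.example.org');

    // The Host header is client supplied: lower-case it, drop an optional
    // :port suffix, then require an exact match (no substring tests).
    $host = strtolower(preg_replace('/:\d+$/', '', trim((string) $host)));

    if (!in_array($host, $iframeHosts, true)) {
        return array();
    }

    return array(
        'session' => array(
            'cookieMode' => 'none',
            'useTransparentSessionID' => true,
        ),
        'request' => array(
            'enableCsrfValidation' => false,
        ),
    );
}

// Placeholder for the components already present in the config file
// (database connection and so on); assumed, not taken from the issue.
$existingComponents = array();

$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

return array(
    'components' => array_merge($existingComponents, sessionComponentsForHost($host)),
);
```

On the listed host the PHPSESSID travels in URLs and form fields, so it can show up in access logs and Referer headers for that domain.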

Issue History

Date Modified Username Field Change
2015-05-15 12:51 DenisChenu New Issue
2015-05-15 12:51 DenisChenu Additional Information Updated
2015-05-15 12:57 DenisChenu Note Added: 32209
2015-05-15 12:57 DenisChenu Status new => closed
2015-05-15 12:57 DenisChenu Assigned To => DenisChenu
2015-05-15 12:57 DenisChenu Resolution open => suspended
2015-05-15 12:57 DenisChenu Fixed in Version => 2.05+