YunoHost-Apps / synapse_ynh

Matrix server (synapse) package for YunoHost
https://matrix.org/
GNU General Public License v3.0

embed CAS in iframe #398

Open Thatoo opened 10 months ago

Thatoo commented 10 months ago

Would it be possible to configure headers to CAS to be embedded in an iframe? The idea is to be able to authenticate by CAS to synapse from riotchat (Element for Nextcloud) without the need to open an other window and make the user feel lost.

Thatoo commented 10 months ago

Here is the screenshot that explain well :

[screenshot]

It would be nice if we didn't need to open the CAS acceptance in a new window but it would just display in the iframe and after clicking on accept it would go back to Element in the iframe.

Josue-T commented 10 months ago

Well,

I think it's probably a nginx header issue. But don't really know where. Can you check with the browser debug tools if there are some error/warning ?

Thatoo commented 10 months ago
Cookie "PHPSESSID" does not have a proper "SameSite" attribute value. Soon, cookies without the "SameSite" attribute or with an invalid value will be treated as "Lax". This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the "SameSite=None" attribute to it. To know more about the "SameSite" attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite [login](https://matrix.MYDOMAIN.COM/_matrix/cas_server.php/login?service=https%3A%2F%2Fmatrix.MYDOMAIN.COM%2F_matrix%2Fclient%2Fr0%2Flogin%2Fcas%2Fticket%3FredirectUrl%3Dhttps%253A%252F%252Fnextcloud.yunomatcloud.hamdel.in%252Fapps%252Friotchat%252Friot%252F%2523%252F)

The loading of "https://matrix.MYDOMAIN.COM/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fnextcloud.MYDOMAIN.COM%2Fapps%2Friotchat%2Friot%2F%23%2F&ticket=d7f402554717139bfd8ff396c9c2c231b9ce42eef1345b45a5be8541270ae89f93f2eebf41804751e8eeee90fa8e23a3a343" in a frame is denied by the "X-Frame-Options" directive set to "SAMEORIGIN".
[ticket](https://matrix.MYDOMAIN.COM/_matrix/client/r0/login/cas/ticket?redirectUrl=https%3A%2F%2Fnextcloud.MYDOMAIN.COM%2Fapps%2Friotchat%2Friot%2F%23%2F&ticket=d7f402554717139bfd8ff396c9c2c231b9ce42eef1345b45a5be8541270ae89f93f2eebf41804751e8eeee90fa8e23a3a343)

This error page has no error code in its security info [aboutNetError.js:570:13](chrome://browser/content/certerror/aboutNetError.js)

Uncaught DOMException: Permission denied to access property "document" on cross-origin object [main.js:2](https://nextcloud.MYDOMAIN.COM/apps/riotchat/js/main.js?v=4a98364a-0)
    i main.js:45
Thatoo commented 10 months ago

nextcloud.MYDOMAIN.COM is different from matrix.MYDOMAIN.COM, so indeed "X-Frame-Options" set to "SAMEORIGIN" is what's producing it.

Not sure it's possible to make an exception in nginx though...
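An exception is possible in nginx, but it has to be scoped to the CAS paths and to an explicit allowlist of framing origins, otherwise the CAS consent page (the "accept" click in the screenshot) becomes a clickjacking target for any site. The snippet below is an added illustration, not configuration shipped by synapse_ynh or YunoHost; the file path, the `location` prefixes, the php-fpm socket name and the two hostnames are assumptions for the example. It uses `Content-Security-Policy: frame-ancestors`, which modern browsers honour in preference to `X-Frame-Options`, and sets the PHP session cookie to `SameSite=None; Secure` so that it is still sent when the page is loaded as a third-party frame.

```nginx
# Added example (not the project's own config). Assumed file:
# /etc/nginx/conf.d/matrix.MYDOMAIN.COM.d/synapse.conf

# The weak variant of the "fix" is to do this globally:
#     add_header X-Frame-Options "ALLOW-FROM https://nextcloud.MYDOMAIN.COM";
# ALLOW-FROM is ignored by current browsers and a blanket removal of the
# header leaves the whole server frameable by anyone. Do not do that.

# Only the CAS endpoints need to be frameable, and only by the Nextcloud
# origin that hosts the riotchat iframe.
# Note: add_header directives in a location block REPLACE (do not extend)
# those inherited from the server/http level, so any other security header
# normally set by an include (HSTS etc.) must be restated here.
location ^~ /_matrix/cas_server.php {
    add_header Content-Security-Policy "frame-ancestors 'self' https://nextcloud.MYDOMAIN.COM" always;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
    # No X-Frame-Options here on purpose: browsers that support CSP Level 2
    # use frame-ancestors, older ones fall back to SAMEORIGIN semantics via
    # the absence of any allow rule.

    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # Session cookie must be SameSite=None for a cross-site frame, and
    # SameSite=None is only accepted by browsers together with Secure.
    fastcgi_param PHP_VALUE "session.cookie_samesite=None
session.cookie_secure=1
session.cookie_httponly=1";
    fastcgi_pass unix:/var/run/php/php-fpm-synapse.sock;  # assumed socket name
}

# The ticket callback that the console error points at is served by Synapse,
# not PHP; it needs the same frame-ancestors allowlist.
location ^~ /_matrix/client/r0/login/cas/ticket {
    add_header Content-Security-Policy "frame-ancestors 'self' https://nextcloud.MYDOMAIN.COM" always;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
    proxy_pass http://127.0.0.1:8008;   # assumed Synapse listener
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```

After reloading, verify with `curl -sI https://matrix.MYDOMAIN.COM/_matrix/cas_server.php/login` that the response carries `Content-Security-Policy: frame-ancestors ...` and no `X-Frame-Options: SAMEORIGIN`, and that `Set-Cookie: PHPSESSID=...; secure; HttpOnly; SameSite=None` is present. The reverse case in the next comment (a Nextcloud calendar widget inside a Matrix room) is the same change applied on the Nextcloud vhost, with the Element origin in the `frame-ancestors` list; the point is that the allowlist names the one embedding origin rather than dropping the protection.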

Thatoo commented 10 months ago

Interesting... I face the exact same issue but reversed, trying to add the Nextcloud calendar as a widget into a Matrix room. Apparently this "X-Frame-Options" defined as "SAMEORIGIN" in nginx for Matrix and Nextcloud is kind of bothering. Isn't it too restrictive?