Cubeboy Posted March 23, 2022 Share Posted March 23, 2022 This has plagued me!!!! looked everywhere I know, this happens in chrome, firefox works fine. Please any new ideas, don't be shy. I am trying to access my whmcs install from a iframe (it worked perfect before the last upgrade) <iframe name="Portal" src="https://domain.com/index.php?rp=/login" height="1500" width="100%" ></iframe></p> The login page loads the page as it should but it won't let any clients log in This is what I have tried so far: Clear cache and cookies, also did a dnsflush on my local computerChanged PHP version, now using 7.4.28 Changed session path to: /var/cpanel/php/sessions/ea-php74 (chmod 777) phpinfo session.save_path /var/cpanel/php/sessions/ea-php74 Also changed: vi /usr/local/cpanel/3rdparty/php/74/etc/php.ini (to above path) Disabled CSRF Checks in whmcs setting ( tried every combination with both toggles) (CSRF Tokens: General), (CSRF Tokens: Domain Checker) Added all Ip's from my hosting server to my whmcs server in the "API IP Access Restriction" box Thank You! 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Technical Analyst WHMCS Danny Posted March 23, 2022 WHMCS Technical Analyst Share Posted March 23, 2022 Quote The login page loads the page as it should but it won't let any clients log in Do you get any other error at all other than the CSRF error? Please try using the browsers developer tools to see if there are any errors. It will show up in a highlighted red text in the console usually. You should also check the Network tab console too. Now, If this is only happening in Google Chrome browser, you should be able to resolve this issue by disabling SameSite by default cookies flag in Google Chrome. To disable, type chrome://flags in the address bar of your chrome browser and then disable the flag SameSite by default cookies. (This has also been reported with the Edge browser) Safari Browser - You have to untick Prevent cross-site tracking under Safari > Preferences > Privacy 0 Quote Link to comment Share on other sites More sharing options...
Cubeboy Posted March 23, 2022 Author Share Posted March 23, 2022 JQMIGRATE: Migrate is installed, version 3.3.2 domain.com/dologin.php:130 Blocked autofocusing on a <input> element in a cross-origin subframe. index.php:133 Blocked autofocusing on a <input> element in a cross-origin 0 Quote Link to comment Share on other sites More sharing options...
Cubeboy Posted March 23, 2022 Author Share Posted March 23, 2022 I did Find the a bad solution, however I can't ask all my clients to do this.https://www.technipages.com/google-chrome-bypass-blocked-cross-origin-frame Also all whmcs Integration Code section no longer works! 0 Quote Link to comment Share on other sites More sharing options...
Solution SeanP Posted March 26, 2022 Solution Share Posted March 26, 2022 If you are running Apache, you can add the following to your Apache config, but it will force SameSite=none for ALL cookies: Header always edit Set-Cookie ^(.*)$ "$1;HttpOnly;Secure;SameSite=none" 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.