Joomla 5 Notice

We are pleased to announce that as of January 29, 2024, all of our Joomla extensions are compatible with Joomla 5.

For all who are still updateing from Joomla 3 to Joomla 4: Joomla 4 Migration instructions are available here:

There is now a separate Documentation for Visforms for Joomla 4 and for Visforms for Joomla 5!

Forum

Visforms Subscription user can ask questions in our forum. Please log in with the relevant user first.
Everybody can access the forum for reading.

Please only ask 1 question per topic.

Embed form page into iframe, additional information

More
2 years 4 months ago #7722 by yellowbird
Embed form page into iframe was created by yellowbird
Dear friends,

I've prepared a simple visform form to be embedded from another domain as iframe.
The form itself is setup up with a response text (no redirect URL) and works as expected if used directly.
Embedded into an iframe it behaves different and is not redirecting to the response message page but returns to the form itself.
Also, any URL parameters of the original request get lost, which doesn happen if used direclty.)

Details:
Joomla URI with form:
example.com/en/formembed/

Works:
Direct access to example.com/en/formembed/
Click Submit
-> POST to example.com/en/formembed/?task=visforms.send&id=123
(POST data includes the original URL GET paramters, if any)
HTTP response includes:
Location: /en/formembed/message
(plus original URL GET paramters, if any)
Result message is displayed as expected.


Not working:
Embed form page URI as above on some other domain (https also)
<iframe src=" example.com/en/formembed/ " ... />
Click Submit
-> POST to example.com/en/formembed/?task=visforms.send&id=123
(POST data includes the original URL GET paramters, if any)
HTTP response includes:
Location: /en/formembed
(also, original URL GET parameters, if any, missing)
POST headers are identical in both cases

(I also tried to reduce the initial form page by providing a reduced Joomla template variant with every html element but the form/joomla-component removed via Joomla's ?tmpl=plain feature)

I have absolutely no further ideas why it does behave different.
Any hint appreciated!

More
2 years 4 months ago #7723 by yellowbird
Additional information:
- configured a redirect url for the form. Ignored when used in iframe
- Form data is not saved when used in iframe

More
2 years 4 months ago #7726 by Administrator AV
Replied by Administrator AV on topic Embed form page into iframe, additional information
Hi,
this is the result of the iFrame Security Policy, which is implemented in all modern browsers in order to prevent malicious use of iFrames.

Some Background:
The SameSite attribute of the Set-Cookie HTTP response header allows you to declare if your cookie should be restricted to a first-party or same-site context.
"None" used to be the default value, but recent browser versions made "Lax" the default value to have reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks.

If you want to use a Visforms form from one domain in an iFrame on another domain you have at least to enable Cross Site Cookies on the domain where the form originates from.

Regards,
Aicha

:idea: I recommend you the new and up-to-date documentation for Joomla 4:
docs.joomla-5.visforms.vi-solutions.de/en/docs/
Most of this also applies retrospectively to Joomla 3.
Please only ask 1 question per topic :-).

:idea: Ich empfehle Dir die neue und aktuelle Dokumentation für Joomla 4:
docs.joomla-5.visforms.vi-solutions.de/docs/
Das meiste gilt rückwirkend auch für Joomla 3.
Bitte immer nur 1 Frage pro Thema stellen :-).

Moderators: Administrator AVAdministrator IV
Powered by Kunena Forum