Iframe CSRF Restrictions
-
I would like to run Easy!Appointments through an iframe. But I run into issues with that specific endpoint: "/index.php/appointments/ajax_get_available_hours"
There exists a solution for this which requires changing $config['csrf_exclude_uris'] in the config.php in the application/config folder:
https://github.com/alextselegidis/easyappointments/issues/732
Since that folder is read-only I am unable to do that myself. Is there a way to expose this config or alter the docker container to make that possible?
Thank you.
-
@fishbeet It seems that application/config/config.php is meant to be application code and not meant to be overwritten by the user. Any changes you make to this file would get lost on update. Not sure what the best approach is if the upstream project is not supporting it. Maybe @nebulon knows since he packaged it initially.
I can think of two ideas: You will have to install this in the LAMP app yourself to make code changes. Alternately, we have to make a PR to the upstream project to make it embeddable via the root directory config.php.
-
@girish is right here. The app only supports overwriting config variables as such via https://github.com/alextselegidis/easyappointments/blob/master/config-sample.php which will be located at `/app/data/config.php` in the Cloudron package. However only values which are referenced in the application code config.php with `Config::` will be taken into account. So supporting further values requires application patches.