Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Easy!Appointments
  3. Iframe CSRF Restrictions

Iframe CSRF Restrictions

Scheduled Pinned Locked Moved Easy!Appointments
3 Posts 3 Posters 847 Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F Offline
      F Offline
      Fishbeet
      wrote on last edited by
      #1

      I would like to run Easy!Appointments through an iframe. But I run into issues with that specific endpoint: "/index.php/appointments/ajax_get_available_hours"

      There exists a solution for this which requires changing $config['csrf_exclude_uris'] in the config.php in the application/config folder:
      [https://github.com/alextselegidis/easyappointments/issues/732](link url)

      Since that folder is read-only I am unable to do that myself. Is there a way to expose this config or alter the docker container to make that possible?

      Thank you.

      girishG 1 Reply Last reply
      1
      • F Fishbeet

        I would like to run Easy!Appointments through an iframe. But I run into issues with that specific endpoint: "/index.php/appointments/ajax_get_available_hours"

        There exists a solution for this which requires changing $config['csrf_exclude_uris'] in the config.php in the application/config folder:
        [https://github.com/alextselegidis/easyappointments/issues/732](link url)

        Since that folder is read-only I am unable to do that myself. Is there a way to expose this config or alter the docker container to make that possible?

        Thank you.

        girishG Offline
        girishG Offline
        girish
        Staff
        wrote on last edited by
        #2

        @fishbeet It seems that application/config/config.php is meant to be application code and not meant to be overwritten by user. Any changes you make to this file would get lost on update. Not sure what the best approach is if the upstream project is not supporting it. Maybe @nebulon knows since he packaged it initially.

        I can think of two ideas: You will have to install this in the LAMP app yourself to make code changes. Alternately, we have to make a PR to the upstream project to make it embeddable via the root directory config.php.

        1 Reply Last reply
        0
        • nebulonN Offline
          nebulonN Offline
          nebulon
          Staff
          wrote on last edited by
          #3

          @girish is right here. The app only supports overwriting config variables as such via https://github.com/alextselegidis/easyappointments/blob/master/config-sample.php which will be located at /app/data/config.php in the Cloudron package. However only values which are referenced in the application code config.php with Config:: will be taken into account.

          So supporting further values requires application patches.

          1 Reply Last reply
          0
          Reply
          • Reply as topic
          Log in to reply
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes


            • Login

            • Don't have an account? Register

            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • Bookmarks
            • Search