Skip to main content

Hello there,

Having a problem with embedding Miro inside another iframe.
It says “This is a private board”.
I’ve submited the form to get access to boards picker component according to documentation.


Here is the code:

miroBoardsPicker.open({
            clientId: clientId,
            action: 'access-link',

            allowCreateAnonymousBoards: true,
            getToken: async () => axios.post('/obtain-jwt').then(r => r.data),

            error: e => { console.log('on error', e) },
            cancel: () => { console.log('on cancel') },

            success: async function (result) {
                console.log(result)

                window.open(result.accessLink)
            },
        })
 

It works well upon opening the access link in the separate window via window.open()
Access Link example: https://miro.com/app/live-embed/uXjVMBMXOW0=/?boardAccessToken=5GDDy0S9quNzU4zH3U4jtsktWiJbpgKV&autoplay=true

However inside iframe some XHR requests falling with 403 error.



​​​​​


I noticed, that in requests which failing with 403 error, there is header absent X-Access-Link for some reason. But this header is present when link has been opening via window.open() call.
 

 

 



 

Hi @Alexander Akhtyrtsev, this might be because you web browser is configured to block third-party cookies. You will need to sign in each time that you want to access the board. See the authentication docs.

Could you try opening the iframe in a different browser, to see if that’s the issue?

@Josip Janzic I believe it is not a browser issue as it works the same way in different browsers.
Third-party cookies are allowed. 
If I got board access token, why do I need to be authenticated again?
https://miro.com/app/live-embed/uXjVMBMXOW0=/?boardAccessToken=5GDDy0S9quNzU4zH3U4jtsktWiJbpgKV&autoplay=true
Also, according to documentation live embed for unregistered users, we don’t need to generate token for each user

If the board picker user already has a Miro account then the url in in iframe should not contain the boardAccessToken parameter (in that case you don’t need to use the accessLink url). Could you try embedding the board in iframe with just https://miro.com/app/live-embed/uXjVMBMXOW0= (without boardAccessToken)?

@Josip Janzic The purpose is creating and using anonymous boards for unregistered users.
The same code works perfectly for signed-in users.
If not to provide board access token even for registered user, the issue also appears.

It might also be due to the fact that accessLink can only be used once, so if you are using window.open the first time that you receive the accessLink in success callba then it won’t be possible to use it again inside an iframe.

These links also can’t be shared between different users, so for each user you’ll need to generate a new accessLink.

Does this help?

@Josip Janzic The issue has been resolved by adding whitelisted domains.
Thank you for help.

Actually the access link is reusable for different users. It worked on my side, every user who had access link with token also had access to newly created anonyous board.

Reply


Terms & Conditions