Hello Miro Community,
I'm developing an app that runs within an iFrame on the Miro platform, and I'm encountering a persistent issue with authentication. Here's a summary of the problem:
- The app is integrated into Miro and runs within an iFrame.
- It uses the Miro REST API for functionality.
- When attempting to authenticate via OAuth, I receive a "CSRF token is not valid" error.
- This error occurs specifically within the iFrame context.
- The authentication process works fine when accessed directly in a separate browser tab.
I've already attempted to set the SESSION_COOKIE_SAMESITE configuration to 'None' to allow cross-origin requests, but the issue persists.
The core of the problem seems to be related to how the CSRF token is handled within the iFrame environment, as opposed to a regular browser context.
Has anyone encountered a similar issue or can provide guidance on how to properly handle authentication and CSRF validation for a Miro app running in an iFrame?
Any insights or solutions would be greatly appreciated. Thank you in advance for your help!
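
One check relevant to the setup described above, as an added example that is not part of the original post: a cookie marked SameSite=None is only accepted by browsers when it also carries Secure, and a cookie with no SameSite attribute is treated as Lax by browsers that apply that default, so it is not sent from a cross-site iframe. The sketch assumes the CSRF/state value is compared against one kept in a cookie-backed session; the function names, the cookie name "session" and the sample headers are constructed for illustration.

```python
# Added example: checks constructed Set-Cookie headers, not output from a real app.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip().lower()
    return name, attrs


def iframe_cookie_problems(header):
    """List reasons a browser would not send this cookie from a cross-site iframe."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite")
    problems = []
    if samesite in ("lax", "strict"):
        problems.append(f"{name}: SameSite={samesite} is withheld on requests made inside a cross-site frame")
    elif samesite != "none":
        problems.append(f"{name}: SameSite missing or unrecognized; browsers that default to Lax withhold it")
    elif "secure" not in attrs:
        problems.append(f"{name}: SameSite=None without Secure is rejected when the cookie is set")
    # Not checked here: a browser that blocks third-party cookies can withhold
    # the cookie even when both attributes are correct.
    return problems


# Constructed sample headers; the cookie name "session" is an assumption.
SAMPLES = {
    "default": "session=abc123; HttpOnly; Path=/",
    "none_only": "session=abc123; HttpOnly; Path=/; SameSite=None",
    "none_secure": "session=abc123; HttpOnly; Path=/; SameSite=None; Secure",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, iframe_cookie_problems(header) or "no attribute problem found")
```

To use it, paste the Set-Cookie value seen in the browser's network panel for the response that starts the OAuth flow inside the iframe. In Flask and Django the setting that adds the Secure attribute to the session cookie is SESSION_COOKIE_SECURE.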