I have a wiki (Mediawiki v1.35.1) that works when unframed – that is, when not embedded as an iframe URL view in Shotgun.
When embedded in SG, the wiki login form:
- Firefox, 85.0 Linux
- Firefox, 86.0 Windows
…and does NOT work with:
- Chrome, 89.0 Windows
Specifically: “Not working” means authentication is blocked and this error is displayed:
There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Please resubmit the form."
It seems there is clickjacking defense involved.
My Apache (v2.4.6) headers:
Header set Access-Control-Allow-Origin "*" Header set Content-Security-Policy "frame-ancestors 'self' *.shotgunstudio.com" Header unset X-Frame-Options
My wiki LocalSettings.php settings:
$wgEditPageFrameOptions = false; $wgApiFrameOptions =false; $wgCookiePrefix = "wiki"; $wgBreakFrames = false;
Other community posts I’ve pondered
So, I suspect this may be a MediaWiki issue, and not strictly a Shotgun issue, but it seems that a few community members have enountered something like this. But I am especially puzzled by the difference between Firefox and Chrome.
Any ideas on how to fix this?