Level 1
Console output: Blocked a frame with origin "SITE B" from accessing a frame with origin "SITE A". Protocols, domains, and ports must match.
Mar 13, 2025
3
Level 1
Laravel app with login in iframe
Hello, I have the following problem. I want to embed my Laravel app (Site B) via an iframe on a website (Site A). The Laravel app in the iframe requires a login. I use middleware to check whether the referrer is correct, and if so, I log in a user using Auth::loginUsingId($user->id) and redirect to a landing page. This works in common desktop browsers, but not on mobile in Safari. It seems that not even a cookie from Site B is being set/accepted. My session configuration is: 'same_site' => 'none' 'secure' => true
If I disable "Prevent Cross-Site Tracking" in Safari on the client side, it works.
Console output: Blocked a frame with origin "SITE B" from accessing a frame with origin "SITE A". Protocols, domains, and ports must match.
What am I doing wrong?
Level 80
I want to embed my Laravel app (Site B) via an iframe on a website (Site A)
@markushh78 Why? This (and specifically trying to log in via an iframe) goes against every security best practice there is. You absolutely do not want login requests from inside an iframe.
1 like
Level 75
Curious, why do you want an iframe? Couldn't you setup an API and pull in data to display? Or just have the website and make mobile friendly (responsive).
1 like
Please or to participate in this conversation.