- Issue created by @amarshkhl09
- π¨π¦Canada Liam Morland Ontario, CA π¨π¦
Please check if this problem exists in 6.2.x. It will need to be fixed there.
- π¦πΊAustralia amarshkhl09
Hi Liam, I have tested this on 6.2.x( https://www.drupal.org/project/webform/releases/6.2.x-dev β ) as well and the problem still exists.
- Status changed to Closed: won't fix
about 1 year ago 10:41am 8 October 2023 - πΊπΈUnited States jrockowitz Brooklyn, NY
The webform share functionality is intended for anonymous users. If you are trying to implement an authenticated version, you would need to write some custom code or patch the webform.module. For example, you can use the attached patch to always remove the X-Frame-Options from the header.
There might even be an opportunity to create a webform_share_authenticated.module that logs users in via the iframe.
- π¦πΊAustralia amarshkhl09
Hi Jacob, thank you for the explanation and for the patch.
I was thinking of something similar. I guess since this is a Webform Share EventSubscriber, it only affects Webform and not all pages. - πΊπΈUnited States jrockowitz Brooklyn, NY
I think the problem is when the user does have access the X-Frame-Options header has to be removed from other pages including the access denied page and login screen.