Traccar embed into iframe (with Token Access) - HTTP 401 Unauthorized

Eduardo3 years ago

Hi guys!

I'm trying to embed traccar (using Token access) into a iframe, but i got the following error: HTTP 401 Unauthorized - WebApplicationException (SecurityRequestFilter:113 < ...)
Note: If I enter from the browser directly (using the access Token) it works perfectly.

This is the HTML code (with the server URL and the DEMO Token)

<html>
<head>
    <title></title>
</head>
<body>
    <iframe src="http://gps.focustech.com.ar/?token=YTbidCOoXQbgsZSIovkipNAXz3nMznxm"></iframe>
</body>
</html>
Anton Tananaev3 years ago

Have you configured SameSite on your server?

Eduardo3 years ago

That was exactly the problem.

Add the following instructions to the apache virtualhost and it worked perfectly:

Header add Access-Control-Allow-Origin "*"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None

Thank you so much!

sosapablo3 years ago

Eduardo, very good news, I had been waiting for a solution like this for a long time

Could you specify in the file that you have added those lines inside the apache2

thank.

Ruben2 years ago

Hello Uduardo,
Can you paste your Virtualhost?
Can't find out how to set it the right way.

Eduardo2 years ago

Yes for sure!

<VirtualHost *:80>
        ServerName myserver.com.ar
        ServerAlias myserver.com.ar
        ProxyPreserveHost On
        Header add Access-Control-Allow-Origin "*"
        Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None

        ProxyPass /api/socket ws://localhost:8082/api/socket
        ProxyPassReverse /api/socket ws://localhost:8082/api/socket

        ProxyPass / http://localhost:8082/
        ProxyPassReverse / http://localhost:8082/
</VirtualHost>
Ruben2 years ago

Thanks,

but when i add the lines and do "sudo service apache2 restart" it gets the error

Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.

This is my virtualHost

<VirtualHost *:80>
  ServerName traccar.xxx.nl
  Redirect / https://traccar.xxx.nl/
</VirtualHost>

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>

                ServerName traccar.xxx.nl
                ServerAdmin webmaster@localhost

                Header add Access-Control-Allow-Origin "*"
                Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None

                DocumentRoot /var/www/html
                ProxyPass /api/socket ws://localhost:8082/api/socket
                ProxyPassReverse /api/socket ws://localhost:8082/api/socket

                ProxyPass / http://localhost:8082/
                ProxyPassReverse / http://localhost:8082/


SSLCertificateFile /etc/letsencrypt/live/traccar.xxx.nl/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/traccar.xxx.nl/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>
</IfModule>

i'm running traccar on a raspberry

Ruben2 years ago

Ok. Got it working now.
had to load the headers mod by

$ sudo a2enmod headers
$ sudo service apache2 restart
Ledz2 years ago

will it work without ssl?

Ruben2 years ago

what do you want to do without SSL

Ledz2 years ago

embed http://traccar:8082 in iframe.

so i have xampp on localhost and on another computer i have traccar. i want to embed traccar from another computer on my xampp installed pc. so i have localhost

Ruben2 years ago

as both hosts do not use ssl you should easily can use an iframe

Ledz2 years ago

yes i know but its not working, after login and refresh i need to relogin again in iframe.

i have apache samesite none but no luck

rafavlack2 years ago

Greetings, I have the same problem with the embedded web (the entire application). The server is mounted on linux, it was installed with its own installer and its own services. Could you help me with this detail, what configurations should be done.
Thanks in advance.