I’m in love with Invoice Ninja! Does everything I need. However, I’m having some difficulty getting the portal to work correctly when accessed through an iFrame on my website.
I’m sure it’s something I’ve missed, but I can’t seem to figure it out.
I can access the portal just fine if I visit my sub-domain like so: https://ninja.example.com/client/login
I’m able to log in as a test client with the client contact’s email and password.
However, when I try to access the portal from an iFrame on my website: https://www.example.com/portal I get error messages about the credentials not being found.
I’m using the following code for my iFrame:
<center>
iframe code here
</center>
var iframe = document.getElementById('invoiceIFrame');
var search = window.location.search + '//';
var silent = search.indexOf('silent') > 0;
var parts = search.replace('?silent=true', '').split('/');
iframe.src = 'https://ninja.example.com/' + parts[1] + '/' + parts[0].substring(1, 33) + '/' + parts[2] + (silent ? '?silent=true' : '');
The weird thing is that when I modify the following line:
iframe.src = 'https://ninja.example.com/' + parts[1] + '/' + parts[0].substring(1, 33) + '/' + parts[2] + (silent ? '?silent=true' : '');
To be:
iframe.src = 'https://ninja.example.com/client/login';
It works!
My question is: is this the correct way to do this? Am I making my site vulnerable by doing it this way?
Any suggestions are welcome.
Thanks and keep up the great work!
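On the question of exposure: the posted snippet copies whatever follows `?` in the page address into the iframe path without checking it, and with no query string it produces `https://ninja.example.com///` rather than the login page. The sketch below, an added example that is not part of the original post or Invoice Ninja's own code, validates each segment and falls back to `/client/login`. The route allow-list and the character rules are assumptions to adjust for your install.

```javascript
// Added example (not Invoice Ninja's code). PORTAL_ORIGIN is the sub-domain
// used in the post; the allow-list and patterns below are assumptions.
const PORTAL_ORIGIN = 'https://ninja.example.com';
const LOGIN_URL = PORTAL_ORIGIN + '/client/login';
const ALLOWED_ROUTES = new Set(['view', 'payment']); // assumed route names
const KEY_RE = /^[A-Za-z0-9]{32}$/;      // 32 characters, as substring(1, 33) implies
const TAIL_RE = /^[A-Za-z0-9_-]{0,64}$/; // assumed shape of the optional third segment

// Takes window.location.search and returns the URL to load in the iframe.
// Expects the same layout as the posted snippet: ?<key>/<route>/<tail>
function buildPortalSrc(search) {
  const silent = search.indexOf('silent=true') > 0;
  const parts = (search.replace('?silent=true', '') + '//').split('/');

  const key = parts[0].substring(1); // drop the leading '?'
  const route = parts[1];
  const tail = parts[2];

  // Anything that is not a well-formed link goes to the login page instead
  // of being concatenated into the iframe address.
  if (!KEY_RE.test(key) || !ALLOWED_ROUTES.has(route) || !TAIL_RE.test(tail)) {
    return LOGIN_URL;
  }

  // Build the address from validated pieces only, on the fixed origin.
  const url = new URL('/' + route + '/' + key + '/' + tail, PORTAL_ORIGIN);
  if (silent) {
    url.searchParams.set('silent', 'true');
  }
  return url.href;
}

// In the page itself:
//   document.getElementById('invoiceIFrame').src =
//     buildPortalSrc(window.location.search);
```
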