I’m in love with Invoice Ninja! Does everything I need. However, I’m having some difficulty getting the portal to work correctly when accessed through an iFrame on my website.
I’m sure it’s something I’ve missed, but I can’t seem to figure it out.
I can access the portal just fine if I visit my sub-domain like so: https://ninja.example.com/client/login
I’m able to log in as a test client with the client contact’s email and password.
However, when I try to access the portal from an iFrame on my website: https://www.example.com/portal I get error messages about the credentials not being found.
I’m using the following code for my iFrame:
<center> iframe code here </center> var iframe = document.getElementById('invoiceIFrame'); var search = window.location.search + '//'; var silent = search.indexOf('silent') > 0; var parts = search.replace('?silent=true', '').split('/'); iframe.src = 'https://ninja.example.com/' + parts + '/' + parts.substring(1, 33) + '/' + parts + (silent ? '?silent=true' : '');
The weird thing is that when I modify the following line:
iframe.src = 'https://ninja.example.com/' + parts + '/' + parts.substring(1, 33) + '/' + parts + (silent ? '?silent=true' : '');
iframe.src = 'https://ninja.example.com/client/login';
My question is, Is this the correct way to do this? Am I making my site vulnerable by doing it this way?
Any suggestions are welcome.
Thanks and keep up the great work!