views:

70

answers:

0

I have a problem with CSRF validation failing on iframes in IE.

I've learned I can fix it if i had access to parent page server

by adding certain headers to my headers according to post http://stackoverflow.com/questions/389456/cookie-blocked-not-saved-in-iframe-in-internet-explorer, but I have no access to the parent page (third party host platform).

The page in question is:

http://yuchan.myshopify.com/collections/iphone-4-artist-series/products/custom-product

Click on "Upload your art" (step 2) and try to upload something in IE. CSRF error.

I am going to disable CSRF protection but was curious what others thought of my situation.

Thanks!