Rocket.chat: Can't access RocketChat after setting iframe URL to localhost

Created on 15 Apr 2019 · 15 comments · Source: RocketChat/Rocket.Chat

Hi,

I was trying to implement the iframe auth login. Since I am working from my local machine - I've set the iframe URL to: http://localhost/development/rocket-chat under Administration > Accounts > Iframe and now the chat app is no longer working.

When I check the browser console it says:

Mixed Content: The page at 'https://test.com/home' was loaded over HTTPS, but requested an insecure resource 'http://localhost/development/rocket-chat'. This request has been blocked; the content must be served over HTTPS.

I can no longer access the admin so I can't remove the localhost URL. How can we fix this please?


All 15 comments

You should secure the iframe and expose it with HTTPS.

And my understanding of the iframe is that it is viewed from the user workstation. Therefore, "localhost" may not work.
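The two failures in this thread (the browser refusing an http:// iframe inside an https:// page, and "localhost" in the iframe URL being resolved on each user's workstation rather than the server) can both be caught before the value is saved. The check below is an added example written for this page, not Rocket.Chat's own validation; the site and iframe URLs in the demo are the ones quoted in the issue, and the function name and rules are mine.

```python
"""Sanity-check an iframe auth URL before it is stored in Accounts_iframe_url.

Added example, not Rocket.Chat code. Rejects the two mistakes described in the
thread: an http:// iframe inside an https:// site (mixed content, blocked by
the browser) and a loopback host (resolved by the user's browser, so it only
works on the developer's own machine).
"""
import ipaddress
from urllib.parse import urlsplit

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def _is_loopback_host(host: str) -> bool:
    """True for localhost-style names and loopback IPs (127.0.0.0/8, ::1)."""
    if not host:
        return False
    name = host.lower().rstrip(".")
    if name in LOOPBACK_NAMES or name.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(name.strip("[]")).is_loopback
    except ValueError:
        return False


def check_iframe_url(site_url: str, iframe_url: str) -> list:
    """Return the problems found with iframe_url; an empty list means it is safe to save."""
    problems = []
    site = urlsplit(site_url)
    frame = urlsplit(iframe_url)
    if frame.scheme not in ("http", "https") or not frame.hostname:
        problems.append("iframe URL must be an absolute http(s) URL")
        return problems
    if site.scheme == "https" and frame.scheme == "http":
        problems.append("mixed content: the site is served over HTTPS but the iframe URL is plain HTTP; browsers will block it")
    if _is_loopback_host(frame.hostname):
        problems.append("loopback host: the iframe is loaded by each user's browser, so 'localhost' points at their machine, not the server")
    return problems


if __name__ == "__main__":
    # The exact pair of URLs from the issue: both rules fire.
    for problem in check_iframe_url("https://test.com/home", "http://localhost/development/rocket-chat"):
        print("refuse:", problem)
```

Run it against a candidate URL before pasting the value into Administration > Accounts > Iframe; for local development the thread's own workaround is the browser-console login further down, not a localhost iframe URL.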

@h4wkmoon I believe what caused this issue is that I set the iframe URL field to http://localhost/development/rocket-chat under Administration > Accounts > Iframe. And since I can't even access the admin anymore, I am unable to remove that URL.

@h4wkmoon Is there some kind of backdoor where I can reset / clear the settings under Administration > Accounts > Iframe? I believe that is what I need to get this fixed.

Maybe the rocketchat_settings collection, but that's a very ugly way.
You have backups, right?

And the nice way would be the REST API.

Hi @h4wkmoon,
I tried your suggestion. Using an admin account I did a GET on the following URL: https://test.com/api/v1/settings

And it returned the following configurable API settings:

0: {_id: "API_Allow_Infinite_Count", value: true}
1: {_id: "API_CORS_Origin", value: "*"}
2: {_id: "API_Default_Count", value: 50}
3: {_id: "API_Drupal_URL", value: ""}
4: {_id: "API_Embed", value: true}
5: {_id: "API_EmbedCacheExpirationDays", value: 30}
6: {_id: "API_EmbedDisabledFor", value: ""}
7: {_id: "API_EmbedIgnoredHosts", value: "localhost, 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16"}
8: {_id: "API_EmbedSafePorts", value: "80, 443"}
9: {_id: "API_Embed_UserAgent", value: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36"}
10: {_id: "API_Embed_clear_cache_now", value: "OEmbedCacheCleanup"}
11: {_id: "API_Enable_CORS", value: true}
12: {_id: "API_Enable_Direct_Message_History_EndPoint", value: false}
13: {_id: "API_Enable_Rate_Limiter_Dev", value: true}
14: {_id: "API_Enable_Rate_Limiter_Limit_Calls_Default", value: 10}
15: {_id: "API_Enable_Rate_Limiter_Limit_Time_Default", value: 60000}
16: {_id: "API_Enable_Shields", value: true}
17: {_id: "API_GitHub_Enterprise_URL", value: ""}
18: {_id: "API_Gitlab_URL", value: ""}
19: {_id: "API_Shield_Types", value: "*"}
20: {_id: "API_Tokenpass_URL", value: ""}
21: {_id: "API_Upper_Count_Limit", value: 100}
22: {_id: "API_User_Limit", value: 1000}
23: {_id: "API_Wordpress_URL", value: ""}
24: {_id: "Accounts"}
25: {_id: "Accounts_AllowAnonymousRead", value: false}
26: {_id: "Accounts_AllowAnonymousWrite", value: false}
27: {_id: "Accounts_AllowDeleteOwnAccount", value: false}
28: {_id: "Accounts_AllowEmailChange", value: true}
29: {_id: "Accounts_AllowPasswordChange", value: true}
30: {_id: "Accounts_AllowRealNameChange", value: true}
31: {_id: "Accounts_AllowUserAvatarChange", value: true}
32: {_id: "Accounts_AllowUserProfileChange", value: true}
33: {_id: "Accounts_AllowUsernameChange", value: true}
34: {_id: "Accounts_AllowedDomainsList", value: ""}
35: {_id: "Accounts_AvatarBlockUnauthenticatedAccess", value: false}
36: {_id: "Accounts_AvatarCacheTime", value: 3600}
37: {_id: "Accounts_AvatarResize", value: true}
38: {_id: "Accounts_AvatarSize", value: 200}
39: {_id: "Accounts_BlockedDomainsList", value: ""}
40: {_id: "Accounts_BlockedUsernameList", value: ""}
41: {_id: "Accounts_ConfirmPasswordPlaceholder", value: ""}
42: {_id: "Accounts_CustomFields", value: ""}
43: {_id: "Accounts_CustomFieldsToShowInUserInfo", value: ""}
44: {_id: "Accounts_DefaultUsernamePrefixSuggestion", value: "user"}
45: {_id: "Accounts_Default_User_Preferences_audioNotifications", value: "mentions"}
46: {_id: "Accounts_Default_User_Preferences_autoImageLoad", value: true}
47: {_id: "Accounts_Default_User_Preferences_collapseMediaByDefault", value: false}
48: {_id: "Accounts_Default_User_Preferences_convertAsciiEmoji", value: true}
49: {_id: "Accounts_Default_User_Preferences_desktopNotificationDuration", value: 0}

But I am not sure which setting above is for Administration > Accounts > Iframe. Help please?

Looks like 24 is a section, not a setting.
Can you try GET settings/24?

Hi @h4wkmoon,
GET on settings/24 returned {"success":true} only :(

The API uses pagination, like they all should.

https://rocket.chat/docs/developer-guides/rest-api/offset-and-count-and-sort-info/

Use the option "?count=0" to disable it.

Hi @h4wkmoon,
Thank you that worked, it revealed all the settings.

I tried to reset all the settings to what I can remember but unfortunately I am still unable to get the chat app to load, it is currently just showing a dark-gray empty page on my end. I've already reached out to their support team, hoping that they could fix it.

Hey @carlo-fontanos did you solve the problem?

Hey @carlo-fontanos please execute the curl commands below and see if they work for you.

The curl commands below clear API_URL, IFRAME_URL and IFRAME Enable. You can use the same URLs in Postman as well.


Auth Token and userId
curl -k https:///api/v1/login \
-d "user=&password="


curl -X POST -H "X-Auth-Token: " \
-H "X-User-Id: " \
-H "Content-type:application/json" \
-k https:///api/v1/settings/Accounts_Iframe_api_url \
-d '{ "value": ""}'


curl -X POST -H "X-Auth-Token: " \
-H "X-User-Id: " \
-H "Content-type:application/json" \
-k https:///api/v1/settings/Accounts_iframe_url \
-d '{ "value": ""}'


curl -X POST -H "X-Auth-Token: " \
-H "X-User-Id: " \
-H "Content-type:application/json" \
-k https:///api/v1/settings/Accounts_iframe_enabled \
-d '{ "value": false}'
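The same recovery as a script, added here as an example and not taken from the thread or from Rocket.Chat's own tooling. It performs the three calls from the curl commands above plus the ?count=0 listing used earlier, but takes the token and userId from the login response instead of pasting them by hand, disables the iframe before clearing the URLs, and verifies TLS (the curl commands use -k, which turns certificate checking off). The HTTP layer is an injectable callable so the logic can be exercised offline with a constructed fake server; with no transport given it uses urllib against the real host. The setting names are the ones in the commands above; the login response shape (data.authToken / data.userId) is the documented REST API one; the host https://test.com is the one from the issue and the credentials are placeholders.

```python
"""Reset Administration > Accounts > Iframe through the Rocket.Chat REST API.

Added example, not Rocket.Chat code and not the thread's own curl commands.
"""
import json
import urllib.request
from typing import Callable, Optional

# Order matters: disable the iframe first so a broken URL stops being loaded,
# then clear both URL fields. Setting ids are the ones from the curl commands.
IFRAME_RESET = {
    "Accounts_iframe_enabled": False,
    "Accounts_iframe_url": "",
    "Accounts_Iframe_api_url": "",
}

Transport = Callable[[str, str, dict, Optional[dict]], dict]


def urllib_transport(method: str, url: str, headers: dict, body: Optional[dict]) -> dict:
    """Send one JSON request with urllib; TLS stays verified (no curl -k)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())


class RocketChatAdmin:
    def __init__(self, base_url: str, transport: Transport = urllib_transport):
        self.base_url = base_url.rstrip("/")
        self.transport = transport
        self.headers = {"Content-type": "application/json"}

    def _call(self, method: str, path: str, body: Optional[dict] = None) -> dict:
        return self.transport(method, f"{self.base_url}/api/v1{path}", dict(self.headers), body)

    def login(self, user: str, password: str) -> None:
        """POST /api/v1/login and keep authToken/userId for the X-Auth-Token/X-User-Id headers."""
        resp = self._call("POST", "/login", {"user": user, "password": password})
        if resp.get("status") != "success":
            raise RuntimeError(f"login failed: {resp}")
        self.headers["X-Auth-Token"] = resp["data"]["authToken"]
        self.headers["X-User-Id"] = resp["data"]["userId"]

    def list_settings(self) -> dict:
        """GET /api/v1/settings?count=0 -> {_id: value}; count=0 turns pagination off."""
        resp = self._call("GET", "/settings?count=0")
        return {s["_id"]: s.get("value") for s in resp.get("settings", [])}

    def set_setting(self, setting_id: str, value) -> bool:
        """POST /api/v1/settings/<id> with {"value": ...}; returns the server's success flag."""
        resp = self._call("POST", f"/settings/{setting_id}", {"value": value})
        return bool(resp.get("success"))

    def reset_iframe(self) -> dict:
        """Apply IFRAME_RESET in order and report which writes the server accepted."""
        return {k: self.set_setting(k, v) for k, v in IFRAME_RESET.items()}


def make_fake_transport(log: list) -> Transport:
    """Constructed stand-in for a server: records every request and answers like Rocket.Chat."""
    def transport(method, url, headers, body):
        log.append((method, url, headers, body))
        if url.endswith("/api/v1/login"):
            return {"status": "success", "data": {"authToken": "tok123", "userId": "uid456"}}
        if url.endswith("/api/v1/settings?count=0"):
            return {"success": True, "settings": [
                {"_id": "Accounts_iframe_enabled", "value": True},
                {"_id": "Accounts_iframe_url", "value": "http://localhost/development/rocket-chat"},
            ]}
        return {"success": True}
    return transport


if __name__ == "__main__":
    # Offline demo against the fake server; for a real server drop the second
    # argument: RocketChatAdmin("https://test.com") and use real admin credentials.
    log = []
    admin = RocketChatAdmin("https://test.com", make_fake_transport(log))
    admin.login("admin", "placeholder-password")
    print(admin.list_settings())
    print(admin.reset_iframe())
```

The fake transport only exists so the control flow can be checked without a server; the request log it fills is the same sequence of method, URL, headers and body that urllib_transport sends to a live instance.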

Hello, did you try logging in from the console with Meteor.loginWithPassword('your-email', 'your-password'); and then resetting the iframe configuration, @MarcosSpessatto?

Hi, a quick way to get back to the admin console via the iframe:

  1. Go to the iframe browser console (CTRL+SHIFT+I).
  2. Meteor.loginWithPassword('username-or-email', 'your-password');
  3. Visit the chat server URL.

It's also mentioned in the docs here: https://rocket.chat/docs/developer-guides/iframe-integration/authentication/#how-to-login-in-rocketchat-with-default-account-system-while-in-development

  1. Go to iframe browser console (CTRL+SHIFT+I).
  2. Meteor.loginWithPassword('username-or-email', 'your-password');
  3. Visit the chat server url.

Thanks for this help. It's really helpful. I got my Rocket.Chat working again: after logging in I disabled the iframe. Now all is okay.
