nodeBB not run in Iframe



  • If I want to iframe my nodebb i see a white page. No error or something.

    It was fixed once but now it isn't.

    I use nodeBB 1.8.2

    What do i need to enter at Set ALLOW-FROM to Place NodeBB in an iFrame now i'm having my nodeBB domain, is that okay or should i put there something else?



  • extra info

    Checking: http://keen.wtf
    
    Result
    Header X-Frame-Options found.
    The header ist set to ALLOW-FROM HTTP. This means the page most likely cannot be included into an iframe because the ALLOW-FROM header is not supported by all major browsers. Header X-Frame-Options found.
    The header ist set to ALLOW-FROM HTTP. This means the page most likely cannot be included into an iframe because the ALLOW-FROM header is not supported by all major browsers. This url cannot be checked as it does contain a placeholder or this is no real url
    Show the full header
    
    Header for: http://keen.wtf
    HTTP/1.1 200 OK 
    X-DNS-Prefetch-Control: off 
    X-Frame-Options: ALLOW-FROM http://keen.wtf 
    Strict-Transport-Security: max-age=15552000; includeSubDomains 
    X-Download-Options: noopen 
    X-Content-Type-Options: nosniff 
    X-XSS-Protection: 1; mode=block 
    Referrer-Policy: strict-origin-when-cross-origin 
    X-Powered-By: KEEN.wtf 
    Content-Type: text/html; charset=utf-8 
    Content-Length: 482067 
    ETag: W/"75b13-4uIkOfTjbv/gEx2WD0Q4UbF2nDQ" 
    set-cookie: express.sid=s%3A9mux0ISfWcuoXHbNlN3FKS_xFjtPjrwe.y1iS5TkzeleShycMxwq0SnW8F3qasGgbExXkhcyfYOw; Path=/; Expires=Thu, 28 Jun 2018 11:18:25 GMT; HttpOnly 
    Vary: Accept-Encoding 
    Date: Sun, 29 Apr 2018 11:18:25 GMT 
    Connection: keep-alive 
    

  • Global Moderator

    There's a setting in the ACP for this. Have you tried searching for iframe?


  • Admin

    Hi @mj -- here is the MDN page for X-Frame-Options

    According to this page, the value you are looking for would likely be:

    ALLOW-FROM http://keen.wtf/

    Once it is set, refresh the main NodeBB page and inspect request headers, you should see it sent properly.


    Edit: Looks like the header is set properly... honestly right now I don't know why I'm getting the "refused to connect" error... 😕


  • Admin

    Actually looks like right now it's set to X-Frame-Options: ALLOW-FROM ALLOW-FROM 😕



  • i've set it to Header set X-Frame-Options "ALLOW-FROM http://keen.wtf/" and it works now 🙂

    nope, only the first time it worked 😞


 

| |