Looks like a outdated plugin. Upgrade to latest.
nodeBB not run in Iframe
MJ last edited by
If I want to iframe my nodebb i see a white page. No error or something.
It was fixed once but now it isn't.
I use nodeBB 1.8.2
What do i need to enter at
Set ALLOW-FROM to Place NodeBB in an iFramenow i'm having my nodeBB domain, is that okay or should i put there something else?
MJ last edited by
Checking: http://keen.wtf Result Header X-Frame-Options found. The header ist set to ALLOW-FROM HTTP. This means the page most likely cannot be included into an iframe because the ALLOW-FROM header is not supported by all major browsers. Header X-Frame-Options found. The header ist set to ALLOW-FROM HTTP. This means the page most likely cannot be included into an iframe because the ALLOW-FROM header is not supported by all major browsers. This url cannot be checked as it does contain a placeholder or this is no real url Show the full header Header for: http://keen.wtf HTTP/1.1 200 OK X-DNS-Prefetch-Control: off X-Frame-Options: ALLOW-FROM http://keen.wtf Strict-Transport-Security: max-age=15552000; includeSubDomains X-Download-Options: noopen X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Referrer-Policy: strict-origin-when-cross-origin X-Powered-By: KEEN.wtf Content-Type: text/html; charset=utf-8 Content-Length: 482067 ETag: W/"75b13-4uIkOfTjbv/gEx2WD0Q4UbF2nDQ" set-cookie: express.sid=s%3A9mux0ISfWcuoXHbNlN3FKS_xFjtPjrwe.y1iS5TkzeleShycMxwq0SnW8F3qasGgbExXkhcyfYOw; Path=/; Expires=Thu, 28 Jun 2018 11:18:25 GMT; HttpOnly Vary: Accept-Encoding Date: Sun, 29 Apr 2018 11:18:25 GMT Connection: keep-alive
There's a setting in the ACP for this. Have you tried searching for iframe?
According to this page, the value you are looking for would likely be:
Once it is set, refresh the main NodeBB page and inspect request headers, you should see it sent properly.
Edit: Looks like the header is set properly... honestly right now I don't know why I'm getting the "refused to connect" error...
Actually looks like right now it's set to
X-Frame-Options: ALLOW-FROM ALLOW-FROM
MJ last edited by MJ
i've set it to
Header set X-Frame-Options "ALLOW-FROM http://keen.wtf/"and it works now
nope, only the first time it worked