nodeBB not run in Iframe

Bug Reports
Log in to reply
  • MJ

    If I want to iframe my nodebb i see a white page. No error or something.

    It was fixed once but now it isn't.

    I use nodeBB 1.8.2

    What do i need to enter at Set ALLOW-FROM to Place NodeBB in an iFrame now i'm having my nodeBB domain, is that okay or should i put there something else?

    0
  • MJ

    extra info

    Checking: http://keen.wtf

Result
Header X-Frame-Options found.
The header ist set to ALLOW-FROM HTTP. This means the page most likely cannot be included into an iframe because the ALLOW-FROM header is not supported by all major browsers. Header X-Frame-Options found.
The header ist set to ALLOW-FROM HTTP. This means the page most likely cannot be included into an iframe because the ALLOW-FROM header is not supported by all major browsers. This url cannot be checked as it does contain a placeholder or this is no real url
Show the full header

Header for: http://keen.wtf
HTTP/1.1 200 OK 
X-DNS-Prefetch-Control: off 
X-Frame-Options: ALLOW-FROM http://keen.wtf 
Strict-Transport-Security: max-age=15552000; includeSubDomains 
X-Download-Options: noopen 
X-Content-Type-Options: nosniff 
X-XSS-Protection: 1; mode=block 
Referrer-Policy: strict-origin-when-cross-origin 
X-Powered-By: KEEN.wtf 
Content-Type: text/html; charset=utf-8 
Content-Length: 482067 
ETag: W/"75b13-4uIkOfTjbv/gEx2WD0Q4UbF2nDQ" 
set-cookie: express.sid=s%3A9mux0ISfWcuoXHbNlN3FKS_xFjtPjrwe.y1iS5TkzeleShycMxwq0SnW8F3qasGgbExXkhcyfYOw; Path=/; Expires=Thu, 28 Jun 2018 11:18:25 GMT; HttpOnly 
Vary: Accept-Encoding 
Date: Sun, 29 Apr 2018 11:18:25 GMT 
Connection: keep-alive
    julian 1 Reply 0
  • PitaJ
    Global Moderator Plugin & Theme Dev

    There's a setting in the ACP for this. Have you tried searching for iframe?

    0
  • julian
    GNU/Linux Admin

    Hi @mj -- here is the MDN page for X-Frame-Options

    According to this page, the value you are looking for would likely be:

    ALLOW-FROM http://keen.wtf/

    Once it is set, refresh the main NodeBB page and inspect request headers, you should see it sent properly.

    Edit: Looks like the header is set properly... honestly right now I don't know why I'm getting the "refused to connect" error... 😕

    0
  • julian
    GNU/Linux Admin

    Actually looks like right now it's set to X-Frame-Options: ALLOW-FROM ALLOW-FROM 😕

    0
  • MJ

    i've set it to Header set X-Frame-Options "ALLOW-FROM http://keen.wtf/" and it works now 🙂

    nope, only the first time it worked 😞

    0

Suggested Topics

| |
Copyright © 2022 NodeBB | Contributors

Get Started

Resources

Company

Start Free Trial
Github Facebook Instagram Twitter
© 2014 – 2022 NodeBB, Inc. — Made in Canada.