nodeBB not run in Iframe

MJ

If I want to iframe my nodebb i see a white page. No error or something.

It was fixed once but now it isn't.

I use nodeBB 1.8.2

What do i need to enter at Set ALLOW-FROM to Place NodeBB in an iFrame now i'm having my nodeBB domain, is that okay or should i put there something else?

MJ

extra info

Checking: http://keen.wtf

Result
Header X-Frame-Options found.
The header ist set to ALLOW-FROM HTTP. This means the page most likely cannot be included into an iframe because the ALLOW-FROM header is not supported by all major browsers. Header X-Frame-Options found.
The header ist set to ALLOW-FROM HTTP. This means the page most likely cannot be included into an iframe because the ALLOW-FROM header is not supported by all major browsers. This url cannot be checked as it does contain a placeholder or this is no real url
Show the full header

Header for: http://keen.wtf
HTTP/1.1 200 OK 
X-DNS-Prefetch-Control: off 
X-Frame-Options: ALLOW-FROM http://keen.wtf 
Strict-Transport-Security: max-age=15552000; includeSubDomains 
X-Download-Options: noopen 
X-Content-Type-Options: nosniff 
X-XSS-Protection: 1; mode=block 
Referrer-Policy: strict-origin-when-cross-origin 
X-Powered-By: KEEN.wtf 
Content-Type: text/html; charset=utf-8 
Content-Length: 482067 
ETag: W/"75b13-4uIkOfTjbv/gEx2WD0Q4UbF2nDQ" 
set-cookie: express.sid=s%3A9mux0ISfWcuoXHbNlN3FKS_xFjtPjrwe.y1iS5TkzeleShycMxwq0SnW8F3qasGgbExXkhcyfYOw; Path=/; Expires=Thu, 28 Jun 2018 11:18:25 GMT; HttpOnly 
Vary: Accept-Encoding 
Date: Sun, 29 Apr 2018 11:18:25 GMT 
Connection: keep-alive

PitaJ

There's a setting in the ACP for this. Have you tried searching for iframe?

julian

Hi @mj -- here is the MDN page for X-Frame-Options

According to this page, the value you are looking for would likely be:

ALLOW-FROM http://keen.wtf/

Once it is set, refresh the main NodeBB page and inspect request headers, you should see it sent properly.

Edit: Looks like the header is set properly... honestly right now I don't know why I'm getting the "refused to connect" error... $:\$

julian

Actually looks like right now it's set to X-Frame-Options: ALLOW-FROM ALLOW-FROM $:\$

MJ

~~i've set it to Header set X-Frame-Options "ALLOW-FROM http://keen.wtf/" and it works now~~

nope, only the first time it worked

nodeBB not run in Iframe

Suggested Topics

NodeBB doesn't work properly on Waterfox 28.
Bug Reports • • a_5mith

did a nodebb upgrade, ACP says I'm not up-to-date
Bug Reports • bug • • Giorgio Chiodi

Update to 0.4.3 - crashing nodebb
Bug Reports • • nexed

[Solved] Spinning up a second instance of NodeBB on same server.. issues with redis?
Bug Reports • • kelso

Move a NodeBB forum
Bug Reports • • Ted

Get Started

Resources

Company

nodeBB not run in Iframe

Suggested Topics

NodeBB doesn't work properly on Waterfox 28. Bug Reports • • a_5mith

did a nodebb upgrade, ACP says I'm not up-to-date Bug Reports • bug • • Giorgio Chiodi

Update to 0.4.3 - crashing nodebb Bug Reports • • nexed

[Solved] Spinning up a second instance of NodeBB on same server.. issues with redis? Bug Reports • • kelso

Move a NodeBB forum Bug Reports • • Ted

Get Started

Resources

Company

NodeBB doesn't work properly on Waterfox 28.
Bug Reports • • a_5mith

did a nodebb upgrade, ACP says I'm not up-to-date
Bug Reports • bug • • Giorgio Chiodi

Update to 0.4.3 - crashing nodebb
Bug Reports • • nexed

[Solved] Spinning up a second instance of NodeBB on same server.. issues with redis?
Bug Reports • • kelso

Move a NodeBB forum
Bug Reports • • Ted