@a_5mith NodeBB should properly support Waterfox 28 when we upgrade to socket.io 1.0.
Still waiting on Automattic/socket.io#1630... grrr
If I want to iframe my nodebb i see a white page. No error or something.
It was fixed once but now it isn't.
I use nodeBB 1.8.2
What do i need to enter at Set ALLOW-FROM to Place NodeBB in an iFrame
now i'm having my nodeBB domain, is that okay or should i put there something else?
extra info
Checking: http://keen.wtf
Result
Header X-Frame-Options found.
The header ist set to ALLOW-FROM HTTP. This means the page most likely cannot be included into an iframe because the ALLOW-FROM header is not supported by all major browsers. Header X-Frame-Options found.
The header ist set to ALLOW-FROM HTTP. This means the page most likely cannot be included into an iframe because the ALLOW-FROM header is not supported by all major browsers. This url cannot be checked as it does contain a placeholder or this is no real url
Show the full header
Header for: http://keen.wtf
HTTP/1.1 200 OK
X-DNS-Prefetch-Control: off
X-Frame-Options: ALLOW-FROM http://keen.wtf
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
X-Powered-By: KEEN.wtf
Content-Type: text/html; charset=utf-8
Content-Length: 482067
ETag: W/"75b13-4uIkOfTjbv/gEx2WD0Q4UbF2nDQ"
set-cookie: express.sid=s%3A9mux0ISfWcuoXHbNlN3FKS_xFjtPjrwe.y1iS5TkzeleShycMxwq0SnW8F3qasGgbExXkhcyfYOw; Path=/; Expires=Thu, 28 Jun 2018 11:18:25 GMT; HttpOnly
Vary: Accept-Encoding
Date: Sun, 29 Apr 2018 11:18:25 GMT
Connection: keep-alive
There's a setting in the ACP for this. Have you tried searching for iframe?
Hi @mj -- here is the MDN page for X-Frame-Options
According to this page, the value you are looking for would likely be:
ALLOW-FROM http://keen.wtf/
Once it is set, refresh the main NodeBB page and inspect request headers, you should see it sent properly.
Edit: Looks like the header is set properly... honestly right now I don't know why I'm getting the "refused to connect" error...
Actually looks like right now it's set to X-Frame-Options: ALLOW-FROM ALLOW-FROM
i've set it to Header set X-Frame-Options "ALLOW-FROM http://keen.wtf/"
and it works now
nope, only the first time it worked