403 when embedding a Digital Ocean droplet

docker

(takaminacchan) #1

Been trying to solve this with a Digital Ocean technician for a couple days, but the situation seems too specific for his competence and I assume I’m not the only person who ran into this problem.

A place where the bug occurs: http://beckyverse.com/writing/cergy-1314/returning-fr

I’m trying to embed Discourse threads on some pages of my main site warranting discussion, which is Kirby CMS-based. Here’s a discussion I had attempting to solve the problem on the Kirby support forum. Trouble is, I’m getting a 403 when the main site attempts to load the comments thread. I’ve already browsed through most of the obviously available resources, and haven’t been able to solve the problem on my own, so I assume either the problem is just badly documented or my lack of competence with Docker is preventing me from advancing any further.

What I’m roughly sure about:

The issue is CORS-related. The main site is actually able to load part of the Discourse instance (the blue links at the bottom of the article are the custom header of my Discourse instance), but it can’t load the threads proper.

Based on the error messages I’m getting, I assume the problem occurs at the nginx layer. enable-cors.org describes a method to get nginx to comply with CORS requests, but Discourse running in a Docker container means I can’t just edit the configuration file of nginx within the container and expect the fix to last. Admittedly, I haven’t tried (I’d like to go straight for the “hopefully lasting fix”) because I don’t know how exactly the configuration file is structured. In other words, I’m looking for an action I’d be able to apply to app.yml in order to properly configure nginx (assuming it’s actually the problem) in the rebuilt container.

What I’ve looked at:

I’ve tried comparing my network logs with this page’s on eviltrout’s blog. It looks roughly the same, except for the 403 error occurring on my side.

I’ve included the CORS fix plugin’s installation in my app.yml file.

https://meta.discourse.org/t/x-frame-options-sameorigin-header-prevents-embedding/14928/9

I’ve tried the generic “Access-Control-Allow-Origin: *” implementation in the app.yml file, and removed it because it didn’t seem to change anything.

Sooo yeah, basically I’m stuck. Any leads?

EDIT: Here’s a log from the Discourse instance logs:

HTTP_HOST: talk.beckyverse.com
REQUEST_URI: /logs/report_js_error
REQUEST_METHOD: POST
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:28.0) Gecko/20100101 Firefox/28.0
HTTP_ACCEPT: */*
HTTP_REFERER: http://talk.beckyverse.com/embed/comments?embed_url=http%3A%2F%2Fbeckyverse.com%2Fwriting%2Fcergy-1314%2Freturning-fr
HTTP_X_FORWARDED_FOR: 81.64.111.155
HTTP_X_REAL_IP: 81.64.111.155

params:
 message: TypeError: PreloadStore.get(...) is undefined
 Url: http://talk.beckyverse.com/embed/comments?embed_ur
 url: http://talk.beckyverse.com/embed/comments?embed_url=http%3A%2F%2Fbeckyverse.com%2Fwriting%2Fcergy-131
 line: 241
 window_location: http://talk.beckyverse.com/embed/comments?embed_url=http%3A%2F%2Fbeckyverse.com%2Fwriting%2Fcergy-131

(Jeff Atwood) #2

What do you mean by embed? Can you be more specific?

Discourse does not support being embedded in a frame. However, embedding comments should work if you follow the instructions on Robin’s blog. You can see this live on http://blog.codinghorror.com as well.


(takaminacchan) #3

I mean to do what you’re doing on the site you just linked (“use Discourse as a comments engine for a blog”). I assume Robin is eviltrout?

Embedding Discourse in Static Sites - Evil Trout’s Blog <-- I followed this tutorial. A priori the javascript implementation is alright on the main site’s side, but when I try to load relevant pages on said site the threads can’t be loaded (the JS code gets 403’d). They do exist on the Discourse instance at talk.beckyverse.com, though…


(Robin Ward) #4

Yes I am Robin as well as Evil Trout :slight_smile:

If you followed those instructions and are getting access errors, you might want to double check the embeddable_host setting to make sure it is correct. That is the cause of the issue 99% of the time.


(takaminacchan) #5

Weeeell I was apparently among the 99% :’)

Problem was the embeddable_host was set to http://foo.com instead of foo.com.

Thanks a lot!

EDIT: http://eviltrout.com/ <-- How do you obtain/display the amount of replies here? (The “View the full article to comment on it (3 replies)” bit.)


(Robin Ward) #6

To do that:

  • Embed this Javascript on your index page (or page that links to an article).

  • It will add the counts to each link that has #discourse-comments in it.


(Jeff Atwood) #7

OK I made it so the site setting prevents entering “http” as the first part of the string, and also mentions “hostname only” in the description.