On a site I help run, we’ve recently found that a certain site fails to onebox (becomes a large empty space). We would have just blocked the domain from oneboxing, but that breaks oneboxing the forum hosted at a sub-domain of that site. Is it possible for us to allow the sub-domains to onebox without allowing the top domain to onebox?
For example, this main-site onebox fails (https://replit.com/@Firepup650/Yeehaw
):
But the subdomain (Discourse) is fine (https://ask.replit.com/t/my-intro-i-guess/20705
):
unfortunately i don’t think that is possible as per this topic
There seems to be something off with the link that creates the giant blank space. In the preview I notice it tries to give a big ‘Replit’ logo image. Could it be that the image used on those type of pages is breaking the onebox? Sorting that out may help them resolve nicely.
There’s a specific script for Replit oneboxes:
When we paste a Replit link, the composer shows the expected result:
When the post is processed, the link is transformed into an empty iframe.
<iframe width="695" height="521" frameborder="0" data-unsanitized-src="https://replit.com/@Firepup650/Yeehaw?embed=true" seamless="seamless" sandbox="allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox allow-presentation">
#document
<html>
<head></head>
<body></body>
</html>
</iframe>
I don’t know if the issue comes from Replit or from the onebox script. I’d guess it’s the script, but I’m no coder
The link has proper opengraph tags, though: Sharing Debugger - Meta for Developers
I actually got it to work so that Discourse would not onebox replit.com
but would onebox ask.replit.com
. For some reason that only worked once though. After that it just blocked all oneboxing on both domains. Odd.
I help run the same forum as Firepup
After explicitly allowing Replit iframes, the following iframe code (Which seems similar to what @Canapin posted) works fine:
<iframe frameborder="0" width="500px" height="500px" src="https://replit.com/@Firepup650/Yeehaw?embed=true"></iframe>
Manual testing confirms that this specific part of the iframe is the issue. Changing it to just src
works as expected (See third post on this topic)