I am using SSO with Wordpress and it setup when a user logs into the wordpress site an iframe opens to call the sso to login in the user to the discourse site.
I am using the code @AdamCapriola posted here.
I have turned on CORS on the Discourse installation and rebuilt the app, as my wordpress site sits at mysite.com and my discourse site sits at forums.mysite.com:Port# as they are on the same vps. the NGINX server that runs my wordpress site also acts as a proxy to my Discourse site.
My issue is I am receiving the error:
Load denied by X-Frame-Options: http://forums.mysite.com/ does not permit cross-origin framing.
Whats funny to me is that the call is actually going through cause the user does get logged into the discourse site, but the error stops the wordpress page from completely loading.
Checking the header i see that
X-Frame-Options: SAMEORIGIN is set. Since i have discourse set on a different port this is blocking my call. How best can i alter this for discourse? Does CORS not affect X-Frame-Options?