Cross referencing a post doesn't create onebox

I’m trying to cross reference another post while replying to a post, it only posts the link and doesn’t create a OneBox embedded post.

Is there any setting to enable this feature? I just see it a circle briefly as I post the thread link on the same forum and then it just stays as a link.

This is VERY odd because it’s creating one boxes for posts from other websites or even from this forum, but links cross references within the same forum isn’t working, I just a animated circle next to the link and then it disappears. Any suggestions?

If your local ips resolve to a private ip range oneboxer will no longer process them for security reasons. We should probably have a setting for this @eviltrout.

I wonder if the oneboxer should return a “cannot onebox local IPs” onebox to make it more clear this is happening?

3 Likes

This would be great.

Also led me to investigate the DNS resolution. The DNS resolution of the server name wasn’t correct. Apparently Google’s DNS’s aren’t as good as one thinks, they’re referring to some old cached IP, switched to Level3 DNS. That fixed the DNS resolution of the server’s domain, however it hasn’t fixed the issue, discourse still appears to be using the old / cached IP (I’m taking an educated guess because onebox from other websites is working just not within the same domain, i.e. it’s still using the old cached IP returned by Google’s DNS)

Do I need to restart the service or rebuild it? If the DNS servers change at runtime what needs to be done to get Discourse to use the new DNS servers?

EDIT: Rebooted the machine but still doesn’t seem to work. Any suggestions? Is a rebuild required for a DNS server change?

Are you saying that if the local machine has a private IP (e.g. is behind an AWS elastic IP) oneboxer won’t work? The machine has to have a public IP?

@eviltrout can explain Monday why this is a security risk and is locked down out of the box.

2 Likes

Okay thanks, looking forward to the patch to enable this for private IP’s. Is there a YAML setting or something I can use meanwhile.

I can explain right now.

I’ve got a webserver right now running with two interfaces. One of those has port 80 and port 443 open to the outside world, and everything else locked down.

The other interface is on a 10.x.y.z internal network. DNS resolution happens through here, and routing defaults to use this interface. (It’s also how I ssh in, when I need to.)

If you can onebox stuff like say, my internal wiki, Discourse could act as a reverse proxy for you to probe my internal webpages. (Actually, the wiki won’t work, because you need a login to even view pages. But the point still stands.) Certainly the server can reach some internal webpages, but guessing the names would be difficult.

Locking oneboxes to only things on public Internet addesses limits the content to stuff that, presumably, you could access anyway.

3 Likes

@eviltrout how can I enable OneBox to use private IP’s to retrieve content? Is this a setting that can be made available (with a suitable warning below) in the Admin toolbox please.

You have to be patient - jeff only suggested a setting 16 hours ago. I will get it done today.

3 Likes

Wow - I was only looking for a workaround, you guys are awesome, thanks!

1 Like

Can you try the latest Discourse? I made it so that oneboxing the same forum should always work:

https://github.com/discourse/discourse/commit/a3729b51ebc9958904f15e5105754380de723997

I don’t think a setting is required.

7 Likes

Brilliant, working like a charm! Thank you for the lightning response. :thumbsup:

1 Like