Discourse not shown in iframe

Aloha Communtiy, i am trying to put discourse in an iframe since i don’t have free wildcards at my dyndny hoster.

I run my main apache server at port 80 and the docker containing discourse redirects to port 82.

the page i am talking about is here: http://archy.no-ip.org/forum/

instead of the discourse page at http://archy.no-ip.org:81 it just shows the blank container.

i first thought that it might be a problem with iframe to shown pages which don’t use port 80 or 443 but since another test shows that my plone-environment at port 81 (http://archy.no-ip.org/iframe-test-different-port/) is shown correctly that cannot be it.

Any ideas what’s wrong?

thanks and greetings

I wouldn’t plan on it happening.

https://meta.discourse.org/t/loading-stuck-inside-an-iframe/20467/6

But why isn’t it working? can there be done anything else to integrate it into the website?

We do not support running in an iframe.

Discourse (actually Rails) sends a X-Frame-Options header that tells browsers that the site does not wish to be embedded in an iframe, hence all modern browsers will simply render a white square. You can see this in e.g. Chrome’s dev console which says

Refused to display 'http://archy.no-ip.org:82/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

The only way to “fix” this is to hack Discourse yourself: move the EmbedController's before_filter and ensure_embeddable method into the main ApplicationController and set the embeddable host site setting. But, while it can be done, you’ll be on extremely unsupported terrain…

thanks a lot! i thought it would be pretty to have it in an iframe.

will look if i can dig in the code to remove this X-Frame-Options header.

since then i will just use a link.

Many thanks for your reply!

I don’t think this is a good answer, we need to know how to support. You can say not supporting now, and the probability solution is …

That post was made before the probability [sic possible] solution was provided in the next post made by elberet

Just need to add below points inside env Tag, & it will help in fixing issue Xframe option with sameorigin. works for me.

env:
UNICORN_WORKERS: 4
DISCOURSE_ENABLE_CORS: true**
DISCOURSE_CORS_ORIGIN: ‘*’

I’m able to load Discourse in an iframe … on Firefox. But not Chrome (or Safari). In Chrome I have the following problem: Nothing is clickable! If I open the inspector and drill into the source it will highlight various elements (e.g. rows), but neither right clicks nor left clicks on any content of iframe have an effect. Any suggestions?

That not change the X-Frame-Options header flag…

There is some checksum or something… because if I modify this file the app wont start…

A solution to run Discourse in an iframe is to create a plugin that contains the following code in plugin.rb:

# Changes X-Frame-Options so the site can be embedded in an iframe. See:
# https://github.com/BeXcellent/discourse-allowiframe/blob/master/plugin.rb
# https://github.com/TheBunyip/discourse-allow-same-origin/blob/master/plugin.rb
Rails.application.config.action_dispatch.default_headers.merge!({'X-Frame-Options' => 'ALLOWALL'})

Thanks Jack! I was forked and uploaded a plugin on github in case of someone need it…

https://github.com/somoza/discourse-xorigin/blob/master/plugin.rb

There is a new challenge now, inside the iframe appear an “You were logged out.” modal… I’m researching for solve this…

image.png979×177 5.37 KB

We do say this is unsupported for a reason.

And the reason is…?

@Julian_Somoza, the Discourse team promotes an opinionated way of using Discourse and will not support alternatives. Additionally, they always reminds people of that fact.

That being said, I’m not from the Discourse team, so I can discuss your issue I use Discourse in an iframe for my project and never got the “You were logged out” modal.

And you just overrided the X-Frame-Options header or you did something else? We use Zimbra and want to put the Discourse inside a Zimlet…

I overrided The X-Frame-Options header.
I also set same site cookies do Disabled in the settings, but I don’t remember why and if it is required.