discourseEmbed, does not match recipient window origin

I am trying to embed Discourse comments into an external site, and getting a CORS-like error in the console of the external site. It is a CKAN site using a 3rd party plugin for Discourse integration (plugin link). Both sites are served over HTTPS.

The Discourse iFrame loads on the external site, there’s a message “Loading Discussion…” that tries to load comments. It reloads the iFrame about every 10 seconds, in a loop.

The error in CKAN console:

Failed to execute 'postMessage' on 'DOMWindow': The target 
origin provided ('https://discourse-site') does not match the  
recipient window's origin ('https://ckan-site').

In the Discourse error log:

Job exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed

By opening the env tab, i get the following details.

hostname	forum-app
process_id	[97, 101, 3295, 7109, 174, 98, 104]
application_version	[ae671355da1db07dedd4a1c927282ce7ce8ecc33, 476ae57af300b6a052318f66a1c84d3e791c0d26, ce7c3bfc14c873b952bb4242d2d2b9ac5ae466d6]
current_db	default
current_hostname	discourse-site.com
job	Jobs::RetrieveTopic
problem_db	default
opts	null
user_id	3
embed_url	[https://ckan-site/dataset/test-003, https://ckan-site/dataset/test-06]
referer	[https://ckan-site/dataset/test-003, https://ckan-site/dataset/test-06, https://discourse-site/embed/comments?embed_url=https%3A%2F%2Fckan-site%2Fdataset%2Ftest-003, https://discourse-site/embed/comments?embed_url=https%3A%2F%2Fckan-site%2Fdataset%2Ftest-06]
current_site_id	default

###Related posts

https://meta.discourse.org/t/403-error-embedding-comments/42923

This is the Ruby log during the attempted pairing by CKAN extension.

Started GET "/embed/comments?embed_url=https%3A%2F%2Fmydomain.ca%2Fdataset%2Ftest-number-08" for 192.222.209.126 at 2017-03-16 01:16:34 +0000
Processing by EmbedController#comments as HTML
  Parameters: {"embed_url"=>"https://mydomain.ca/dataset/test-number-08"}
  Rendered embed/embed_error.html.erb within layouts/embed (1.9ms)
Completed 200 OK in 11ms (Views: 6.1ms | ActiveRecord: 1.3ms)
Started GET "/push-service-worker.js" for 192.222.209.126 at 2017-03-16 01:16:35 +0000
Processing by DiscoursePushNotifications::ServiceWorkerController#push as */*
  Rendered plugins/discourse-push-notifications/assets/javascripts/push-service-worker.js (0.0ms)
Completed 200 OK in 5ms (Views: 0.5ms | ActiveRecord: 0.8ms)
Started GET "/latest.json?_=1489619147351" for 192.222.209.126 at 2017-03-16 01:16:52 +0000
Processing by ListController#latest as JSON
  Parameters: {"_"=>"1489619147351"}
Completed 200 OK in 75ms (Views: 0.1ms | ActiveRecord: 19.3ms)
Started GET "/categories_and_latest?_=1489619147352" for 192.222.209.126 at 2017-03-16 01:16:54 +0000
Processing by CategoriesController#categories_and_latest as JSON
  Parameters: {"_"=>"1489619147352"}
Completed 200 OK in 94ms (Views: 0.2ms | ActiveRecord: 17.2ms)
Started GET "/c/datasets/l/latest.json?_=1489619147353" for 192.222.209.126 at 2017-03-16 01:16:59 +0000
Processing by ListController#category_latest as JSON
  Parameters: {"_"=>"1489619147353", "category"=>"datasets"}
Completed 200 OK in 54ms (Views: 0.2ms | ActiveRecord: 23.2ms)
Job exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed

Job exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed

@trudat, is looks like you are getting a SSL_connect error - are all your SSL certificates in order?

The only way I was able to resolve that aspect was switching to a different test server with all the certificates in order, at which point the SSL issue went away. I’m still having issues with embedding, but everything now looks OK on the Ruby side so there is something else going on with me.

1 Like

That’s what i’m working on now. The SSL diagnostic returned the two issues below. I’m trying to get the cert chain order figured out, but SSL is confusing. I have the .crt and .key files, not sure exactly what putting them in order means, or what the right test sequence would be.

  • This server’s certificate chain is incomplete. Grade capped to B.
  • This server accepts RC4 cipher, but only with older browsers. Grade capped to B.

After days of banging my head against this, I have just fixed the SSL issue on the CKAN host which was the cause of the error Job exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed.

Dozens of pages were consulted, but re-generating the SSL chain cert at this site https://certificatechain.io/ and restarting NGINX finally fixed it.

3 Likes

Glad to hear it - in my case since it’s all a test environment it was easier to switch to something with known “good” certificates.

Did this fix your embedding issue?

After the SSL was fixed, the embedding provided by this extension for the CKAN data platform started to work beautifully. I don’t want to say how long i’ve been trying to get this working, let’s just say this made my week.

https://github.com/OpenGov-OpenData/ckanext-discourse

3 Likes