Embed issue with HTTPS, Ruby log shows no errors but comments won't load


(Ellen Badgley) #1

I have a development instance of Discourse running on Cloud9, and a parallel web server that I am using to test out embedding comments. I have run into persistent issues with the notorious (and previously observed) “Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided does not match the recipient window’s origin” message, but nothing seems to match the previous topics posted.

The Setup:

I have a test page with the following HTML:

<body>
<h1>Discuss Embedding Test</h1>

<div id='discourse-comments'></div>

<script type="text/javascript">
  DiscourseEmbed = { discourseUrl: 'https://eb.c9.testserver.org:3000/', 
                     discourseEmbedUrl: 'https://eb.c9.testserver.org:8081/eb-test.html' };

  (function() {
    var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
    d.src = DiscourseEmbed.discourseUrl + 'javascripts/embed.js';
    (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
  })();
</script>
</body>

The <div> and <script> elements are exactly as specified on the Embedding page.

I have eb.c9.testserver.org and eb.c9.testserver.org:8081 set up as Allowed Hosts on the Embedding page, with the Path Whitelist set to “./” for both.

All SSL certificates/paths are set up correctly.

The Problem:

When navigating to https://eb.c9.testserver.org:8081/eb-test.html, I get the following JavaScript error (visible on the Chrome console):

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://eb.c9.testserver.org:3000') does not match the recipient window's origin ('https://eb.c9.testserver.org:8081').

However, from the Cloud9/Ruby console everything appears to be working as expected:

I, [2017-03-16T16:53:10.377997 #28998]  INFO -- : Started GET "/embed/comments?embed_url=https%3A%2F%2Feb.c9.testserver.org%3A8081%2Feb-test.html" for 172.17.0.2 at 2017-03-16 16:53:10 +0000
I, [2017-03-16T16:53:10.443647 #28998]  INFO -- : Processing by EmbedController#comments as HTML
I, [2017-03-16T16:53:10.445753 #28998]  INFO -- :   Parameters: {"embed_url"=>"https://eb.c9.testserver.org:8081/eb-test.html"}
D, [2017-03-16T16:53:10.449724 #28998] DEBUG -- :   UserAuthToken Load (1.0ms)  SELECT  "user_auth_tokens".* FROM "user_auth_tokens" WHERE ((auth_token = 'jXadm/bqoit1hAXTRukqrtUtm4s=' OR
                          prev_auth_token = 'jXadm/bqoit1hAXTRukqrtUtm4s=' OR
                          (auth_token = '79d5348aea3bb8ac5959fd7111b6aab2' AND legacy)) AND rotated_at > '2017-01-15 16:53:10.447926') LIMIT 1
D, [2017-03-16T16:53:10.453363 #28998] DEBUG -- :   User Load (0.9ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = 2 LIMIT 1  [["id", 2]]
D, [2017-03-16T16:53:10.458535 #28998] DEBUG -- :    (0.7ms)  SELECT "topic_embeds"."topic_id" FROM "topic_embeds" WHERE (lower(embed_url) = 'https://eb.c9.testserver.org:8081/eb-test.html')
I, [2017-03-16T16:53:10.462791 #28998]  INFO -- :   Rendered embed/loading.html.erb within layouts/embed (0.4ms)
I, [2017-03-16T16:53:10.465563 #28998]  INFO -- : Completed 200 OK in 18ms (Views: 3.8ms | ActiveRecord: 2.6ms)
D, [2017-03-16T16:53:21.394249 #28998] DEBUG -- : Delivering messages [] to client 479de1be9ddd4bfaa056516290c6c3f2 for user 2 (chunked)
D, [2017-03-16T16:53:21.524814 #28998] DEBUG -- :   UserAuthToken Load (0.6ms)  SELECT  "user_auth_tokens".* FROM "user_auth_tokens" WHERE ((auth_token = 'jXadm/bqoit1hAXTRukqrtUtm4s=' OR
                          prev_auth_token = 'jXadm/bqoit1hAXTRukqrtUtm4s=' OR
                          (auth_token = '79d5348aea3bb8ac5959fd7111b6aab2' AND legacy)) AND rotated_at > '2017-01-15 16:53:21.522642') LIMIT 1
D, [2017-03-16T16:53:21.528688 #28998] DEBUG -- :   User Load (0.4ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = 2 LIMIT 1  [["id", 2]]
D, [2017-03-16T16:53:21.531643 #28998] DEBUG -- :    (0.5ms)  SELECT "groups"."id" FROM "groups"
D, [2017-03-16T16:53:21.534225 #28998] DEBUG -- : Delivering messages [] to client 479de1be9ddd4bfaa056516290c6c3f2 for user 2 (chunked)

The page stays at “Loading Discussion” and except for the recurrent “Failed to execute postMessage” errors on the JS console, no additional change is visible.

One additional weirdness which may be relevant:
The Discourse logo visible on the page cannot be clicked through, as it links to http://localhost:3000. The JS error that results is:

Mixed Content: The page at 'https://eb.c9.testserver.org:8081/eb-test.html' was loaded over HTTPS, but requested an insecure resource 'http://localhost:3000/'. This request has been blocked; the content must be served over HTTPS.

The message is expected given the http link, but one would think that the link should match the discourseUrl parameter in the embed script.


(Robin Ward) #2

I suspect that something in our code wants HTTPS to be on 443 and not custom ports. This is a bit of a unique situation as typically people in production for Discourse don’t use custom ports. I’d accept a pull request to fix it if you can figure out what’s wrong :)


(Ellen Badgley) #3

Thanks, that’s a good point. I’ll poke around and see if we can confirm/deny that that’s the issue.
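
The origin comparison behind the postMessage error in this thread, as an added example that is not part of any post and is not Discourse's code: a small model of the browser's targetOrigin check plus a receiver-side origin allow-list, run against the URLs quoted above. The function names are hypothetical, and the model leaves out the special "/" target.

```javascript
// Added example (not Discourse code). Origins are compared as
// (scheme, host, port); the path is ignored and a scheme's default
// port is normalized away by the URL parser.
function originOf(url) {
  return new URL(url).origin;
}

// Models the delivery rule for window.postMessage(msg, targetOrigin):
// "*" always delivers, anything else must equal the recipient
// window's current origin exactly. (The "/" shorthand is not modelled.)
function wouldDeliver(targetOrigin, recipientUrl) {
  if (targetOrigin === '*') return true;
  return originOf(targetOrigin) === originOf(recipientUrl);
}

// Names which origin components differ, to make the console error readable.
function explainMismatch(targetOrigin, recipientUrl) {
  const t = new URL(targetOrigin);
  const r = new URL(recipientUrl);
  const diffs = [];
  if (t.protocol !== r.protocol) diffs.push('scheme');
  if (t.hostname !== r.hostname) diffs.push('host');
  if (t.port !== r.port) diffs.push('port'); // "" means the default port
  return diffs;
}

// Receiver side: accept a message event only when event.origin is in an
// allow-list derived from configured URLs, never by substring matching.
function makeOriginFilter(allowedUrls) {
  const allowed = new Set(allowedUrls.map(originOf));
  return (event) => allowed.has(event.origin);
}

// Values taken from the error message and embed snippet in the first post.
const target = 'https://eb.c9.testserver.org:3000';
const recipient = 'https://eb.c9.testserver.org:8081/eb-test.html';
console.log(wouldDeliver(target, recipient), explainMismatch(target, recipient));

// An explicit :443 on https collapses to the portless origin.
console.log(originOf('https://eb.c9.testserver.org:443/x'));

// A filter built from discourseUrl accepts only that exact origin.
const fromDiscourse = makeOriginFilter(['https://eb.c9.testserver.org:3000/']);
console.log(fromDiscourse({ origin: 'https://eb.c9.testserver.org:3000' }));
```

The same host on two ports is two different origins, so the window that received the message was one whose origin was the :8081 page, not the :3000 Discourse server.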