I’ve been following the instructions from the
admin/customize/embedding menu to setup embedding comments on a website.
However my site is a Jekyll template hosted on GitHub Pages. There’s a thread here with the same subject however the solution does not work around the main problem that I’m seeing:
Refused to display 'http://XXX/embed/comments?embed_url=http%3A%2F%2FXXX%2FYYY%2F' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
After searching I found that GitHub’s policy is to block X-Frame-Options in this Stack Overflow thread They appear to have relaxed the restriction from
SAMEORIGIN in the intervening time, but the security implications make sense why they have the policy.
Since embedding the remote content is blocked my workaround was to copy the embed.js from my discourse instance onto the static site as a local resource. And then modify the embed script as below:
d.src = localSiteUrl/js/discourse-embed.js';
This means that the iframe embedding comes from the same origin but is fragile as the embed code can no longer be auto updated when my discourse site is updated.
- And secondly how fragile is this copying process, aka how often might it be expected that I need to update the embed.js going forward?