via the html/js embed code in customize > embedding, like this:
Allowed hosts: blog.example.com
Class name: blog
Path whitelist: /.*
Username for topic creation: system
Maximum number of posts to embed: 0
Truncate the embedded posts: checked
and
DiscourseEmbed = { discourseUrl: 'https://forum.example.com/', discourseEmbedUrl: '{{@blog.url}}{{url}}' };
Expected result: display a link to the corresponding Discourse topic for the blog post. The link shows the number of comments in the forum topic.
We’ve seen in various cases:
Error Embedding
Referer:
The referer did not match any of the following hosts:
blog.example.com
We tracked down the error to happen on browsers stripping/spoofing the referrer header. Apparently the Discourse-supplied embed.js uses the browser referrer string to match the allowed host.
Most browsers will send referrer by default. The only exception we found is older versions (iOS 11) of Firefox/Firefox Focus. But some privacy-oriented plugins like Privacy Badger or others may strip the referrer.
The ideal solution might make this function (at least somewhat) without the referrer, but at least a friendlier and more informative error message could be along the lines of “your browser has disabled sending of referrers”. At least people should not think something else is broken with the feature…