Embedding not working anymore (referer did not match…)


(Raphaël Jadot) #1

Hello :),

until now I had blog posts and comments embedded, all working perfectly.

It’s not working anymore, I can’t tell exactly since when (maybe two/three weeks) as I did not really paid attention to this part, but I did not change anything to the blog engine code.

Here is an URL example:

Though the url is https://www.openmandriva.org/en/news/article/eelo-mobile-os-and-web-services-by-gael-duval one can see this message in blog post:

The code generated in blog posts (for this example case):

<script type="text/javascript">
  DiscourseEmbed = { discourseUrl: 'https://forum.openmandriva.org/',
                      discourseEmbedUrl: 'https://www.openmandriva.org/en/news/article/eelo-mobile-os-and-web-services-by-gael-duval' };

  (function() {
    var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
    d.src = DiscourseEmbed.discourseUrl + 'javascripts/embed.js';
    (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
  })();
</script>

And my “allowed posts” configuration

I really don’t see what is wrong, and furthermore, it worked in the past…

Do you have any idea what could have happened?


(Raphaël Jadot) #2

Weird, in fact this seems to be related to Firefox 57:

  • I tried with Brave, Chromium and Qupzilla, it’s working correctly.
  • I tried with Firefox 57 in safe mode (no modules) settings privacy settings to the minimum, not working.

Tomorrow I’ll test with Firefox ESR but I’m more than sure it’s related to Firefox Quantum (I guess it’s why it suddenly stopped working for me…)

I also notice that CDN/CORS stopped working correctly with Firefox 57 on my side (but not on chromium, brave etc.), the font awesome were not loading because of a strict cross content origin policy somewhere, which I could not find, and also that never was a problem before in FF 56 and below.


(Rafael dos Santos Silva) #3

I went to your site, and it’s working fine for me on: Chrome stable, Firefox 58.0b3 and Firefox 59.0a1.

Check what is the referrer header that your browser is sending on the request using devtools.


(Raphaël Jadot) #4

Hi @Falco, thanks for your replie. I’m sorry: I searched how to get referrer header, but it’s not very clear to me… in about:config it’s only a boolean, I tried in network tab, in development mode, and also an addon supposed to help.

Indeed I see in other places that it works with Firefox 57… If only one configuratin has the bug, then it’s not a bug from discourse, but I’d like to understand, at least for my curiosity :slight_smile: