Embedding Topics with SSL. Get X-Frame-Options=SAMEORIGIN Error

(Thomas Wilson) #1

I’m trying to embed discourse comments in my ghost blog but am running into issues.

My Discourse install is setup with SSL, so I’m not sure if that could be causing odd behaviour.

When attempting to embed comments, I follow the instructions on @eviltrout’s blog. I set the discourse URL to http:// (rather than http s, which maybe I should be doing?).

Nothing loads, so I check the dev console and see that my discourse install has X-Frame-Options=SAMEORIGIN set in its headers (rather than ALLOWALL). I follow the instructions here and restart my container, but STILL get the SAMEORIGIN error.

Would the fact that my site runs over http s be a problem here? If so, is there anything I can do to get around this?

(Robin Ward) #2

It is possible there are issues with HTTPS that we haven’t found yet. It should work – can you confirm that if your site is set up without SSL that it works?

(Thomas Wilson) #3

Brain fart on my end I'm afraid. I installed the ALLOWALL plugin but didn't call it plugin.rb. D'oh!

(Robin Ward) #4