Over the course of a few days I noticed a lot of people have searched and posted for solutions concerning comment embeds. I am one of those people. I hope this post helps others in the same situation.
I am new to Discourse, so anyone wishing to complement the information I am providing with in depth expertise please feel free to do so.
One thing I can say after reviewing the many posts on the topic is that the source of the issues can be wide ranging. For those in my situation, here is a solution!
Problem
- You find yourself with an embed that says “Loading discussion…”
- Discourse topics are not being automatically created
Solution
Try adding your domain to the list of allowed internal hosts.
It’s a site setting found in the admin area. You can find them at this path of your Discourse site:
/admin/site_settings/category/all_results
A direct link to the setting I am referencing would be:
/admin/site_settings/category/all_results?filter=allowed_internal_hosts
For those of you looking at the Rails console, look at:
SiteSetting.allowed_internal_hosts
The setting is a pipe (|) separated list of domain names.
Context
My Discourse instance is public, but my internal DNS resolves some domains locally. This can happen in setups using Docker, Kubernetes, or any environment with internal DNS.
Being new to Discourse, I must say that what seems obvious now, was really not obvious to begin with.
Those of us who are not familiar with Discourse internals are not aware that in 2017 SSRF protection was implemented or even the specifics of that protection. Only in hindsight does that announcement make the connection clear.
It is a well-implemented feature, but was quite the rabbit hole for a very simple reason.
What you must know
Discourse won’t create a topic for your embed if the domain resolves to a local IP.
Don’t scream yet folks. This is a good thing. You can read about SSRF to find out why and also thank Discourse devs for taking it seriously.
The issue is that Discourse does not provide feedback to let us know why it’s not creating the topics and why it’s stuck at “loading discussion…”
Additional Reading
But, what is a local IP exactly? For anyone interested, you can find the answer right in the Discourse code, here is a direct link to the file on GitHub.
For example, if your Discourse instance at super-forum[dot]com lives on a network that also hosts cool-blog[dot]net, your internal DNS might resolve cool-blog[dot]net as a local IP—which Discourse will reject unless it’s allowlisted.
Hopefully this post saves someone else a few hours of head-scratching—and maybe even a few hairs.