Forbidden error on embed widget

I’m attempting to implement the Discourse embed widget, but I’m encountering a forbidden error. I copied the embed code from the Admin > Customize > Embedding tab and pasted it onto my website. I also tried deploying an HTML file with this code on Netlify. After a few networking requests, I received a Forbidden error on this endpoint:


Am I doing something wrong? What should I do?


Did you add the host to the list of Allowed Hosts under /admin/customize/embedding?

Your Discourse site requires users to log in in order to view its topics, and it’s on a subdomain of the domain. I suspect you’re running into this issue:

Unless something has changed, the only case I’m aware of when embedded comments from a private Discourse site can be viewed on a webpage is when the Discourse site is on a subdomain of the website’s domain, and the user who is viewing the webpage is currently logged into Discourse.

If this is correct, it means that it’s not possible to embed comments from sites on Discourse’s Basic plan.


Yes, I’ve configured the Allowed Hosts. When I add the embedding to a website, an iframe is created with a small height, so we can only see a dark rectangle. If you set the height to something like 800px, we can see a login page. But this login page is not working properly; I receive a “BAD CSRF” error.

What I’m trying to do is use Discourse as a forum, essentially creating a chat within our logged-in system. We already have an account for the user who sees Discourse on the frontend. How can I log in this user without displaying the Discourse login page? Are there any possibilities?

I’m also attempting to create a proof of concept (POC) using a Discourse hosted service with a free trial. However, the ultimate goal is to self-host Discourse on our domain, utilizing a subdomain for Discourse and another subdomain for the mentioned application.

I wonder if this will require digging into your setup to get past the immediate hurdle and maybe more work to get what you are aiming for. Doing this on Meta seems inefficient. Maybe consider asking in marketplace?