[regression] iframe embedding broken with allowed src domain

It’s a DNS service that blocks domains with a bad reputation. But that’s not the issue because 1) when I connect over a VPN it uses a different DNS and this issue continues, and 2) the user that reported this issue to me is using a completely different setup, 3) the DNS configuration is only for my LAN and not on the Discourse server which is failing to generate the proper HTML server-side, and 4) this HTML file properly loads the iframe:

<!DOCTYPE html>
<html lang="en">

<head>
  <meta name="description" content="Webpage description goes here" />
  <meta charset="utf-8">
  <title>Change_me</title>
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <meta name="author" content="">
</head>

<body>

<div style="left:0; width:100%; height:0; position:relative; padding-bottom:25%; margin:0 auto"><iframe src="https://www.tickcounter.com/widget/countdown/5847336" style="top:0; left:0; width:100%; height:100%; position:absolute; border:0; overflow:hidden" title="My countdown"></iframe></div>

</body>
</html>

Oh wow, that was it, it was missing the final /
Thanks very much!

Something has changed in Discourse, because I added https://www.tickcounter.com the last time I tried this and at that time it worked. In my opinion either the regexp logic it is using or the description of the setting needs to be adjusted, because it says:

A list of iframe src domain prefixes that discourse can safely allow in posts

When I think of a “domain prefix” I think of a domain name and/or a subdomain, both of which do not include a / . Or if it’s supposed to be using more precise logic for complex iframe src URLs then it should say something like:

A list of iframe src URL prefixes that Discourse can safely allow in posts

2 Likes
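Why the trailing `/` in an allowlist entry matters, as an added example that is not from this thread or from Discourse's code: it assumes an entry is applied as a plain string prefix of the iframe `src`. `prefixAllowed`, `originAllowed` and `compare` are hypothetical names, and the two `.example` URLs are constructed samples.

```javascript
// Added illustration, not Discourse source code.
// Assumption: an allowlist entry is applied as a plain string prefix of the iframe src.
const WITHOUT_SLASH = ["https://www.tickcounter.com"];
const WITH_SLASH = ["https://www.tickcounter.com/"];

// Sample inputs: the widget URL from the thread plus two constructed URLs
// whose real host is under the reserved .example TLD.
const WIDGET = "https://www.tickcounter.com/widget/countdown/5847336";
const LOOKALIKE_HOST = "https://www.tickcounter.com.example/widget";
const USERINFO_HOST = "https://www.tickcounter.com@host.example/widget";

// Hypothetical prefix check: true if src starts with any allowlist entry.
function prefixAllowed(src, allowlist) {
  return allowlist.some((prefix) => src.startsWith(prefix));
}

// Hypothetical stricter check: parse both URLs, require the same origin
// (scheme + host + port), then match the path on a segment boundary.
function originAllowed(src, allowlist) {
  let url;
  try { url = new URL(src); } catch { return false; }
  if (url.username || url.password) return false; // no credentials in src
  return allowlist.some((entry) => {
    let allowed;
    try { allowed = new URL(entry); } catch { return false; }
    if (url.origin !== allowed.origin) return false;
    const base = allowed.pathname.endsWith("/") ? allowed.pathname : allowed.pathname + "/";
    return url.pathname === allowed.pathname || url.pathname.startsWith(base);
  });
}

// Evaluate every sample against each policy and return a comparison table.
function compare() {
  const samples = { WIDGET, LOOKALIKE_HOST, USERINFO_HOST };
  return Object.entries(samples).map(([name, src]) => ({
    name,
    prefixNoSlash: prefixAllowed(src, WITHOUT_SLASH),
    prefixWithSlash: prefixAllowed(src, WITH_SLASH),
    originCheck: originAllowed(src, WITHOUT_SLASH),
  }));
}

console.table(compare());
```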