Rich onebox stopped working

I noticed the onebox for my website stopped working on the discourse forum I am visiting. It was working in 1.8.x but now the forum has been updated to 1.9.3 and my oneboxes are no longer working. I checked on and it is the same. The onebox urls look like this:

My website returns following oembed

  "html":"<iframe src=\"\" width=\"600\" height=\"400\"

I went through commit history in onebox github and found 407fd0b8d6d41956e2400efc1918ace255aecd37 “Security: sandbox iframes, add rel to abs anchors”

Can it be that my onebox fails because of iframe and security? Is there something I can do?

I suspect that it is the iframe. Can you remove it?

I can not remove the iframe because the whole onebox is the iframe. If I remove it, there will be nothing left.


Discourse 1.8 uses onebox 1.8.12 and the commit you referenced was already part of that version. So, it must be something else. If your problem is caused by changes to the onebox gem, it should be one of the 79 commits:


iframely is totally happy by the way

I think I found the problem

do I understand right, the iframe will not be oneboxed unless whitelisted in the forum settings?


That’s exactly right :+1: