I noticed the onebox for my website stopped working on the discourse forum I am visiting. It was working in 1.8.x but now the forum has been updated to 1.9.3 and my oneboxes are no longer working. I checked on try.discource.org and it is the same. The onebox urls look like this:
My website returns following oembed
{
"version":"1.0",
"type":"rich",
"width":600,
"height":400,
"title":"metr",
"html":"<iframe src=\"https://metr.at/r/CF1go?oembed=true\" width=\"600\" height=\"400\"
frameborder=\"0\"></iframe>",
"provider_name":"metr.at",
"provider_url":"https://metr.at"
}
I went through commit history in onebox github and found 407fd0b8d6d41956e2400efc1918ace255aecd37
“Security: sandbox iframes, add rel to abs anchors”
Can it be that my onebox fails because of iframe and security? Is there something I can do?