我注意到我在访问的 Discourse 论坛上,我的网站的一盒(onebox)功能停止工作了。它在 1.8.x 版本中是正常工作的,但现在论坛已更新到 1.9.3,我的 oneboxes 不再起作用。我在 try.discourse.org 上进行了检查,情况相同。onebox 的 URL 如下所示:
我的网站返回以下 oEmbed 数据:
{
"version":"1.0",
"type":"rich",
"width":600,
"height":400,
"title":"metr",
"html":"<iframe src=\"https://metr.at/r/CF1go?oembed=true\" width=\"600\" height=\"400\"
frameborder=\"0\"></iframe>",
"provider_name":"metr.at",
"provider_url":"https://metr.at"
}
我查阅了 onebox GitHub 上的提交历史,发现了 407fd0b8d6d41956e2400efc1918ace255aecd37 提交,其标题为“安全性:对 iframe 设置沙箱,为绝对锚点添加 rel 属性”。
是否可能是因为 iframe 和安全设置导致我的 onebox 失效?有什么我可以做的吗?
pfaffman
(Jay Pfaffman)
2
I suspect that it is the iframe. Can you remove it?
I can not remove the iframe because the whole onebox is the iframe. If I remove it, there will be nothing left.
2 个赞
gerhard
(Gerhard Schlager)
4
Discourse 1.8 uses onebox 1.8.12 and the commit you referenced was already part of that version. So, it must be something else. If your problem is caused by changes to the onebox gem, it should be one of the 79 commits: https://github.com/discourse/onebox/compare/e9164ee70186f87d2f2197de37a3a43f1274a060...master
5 个赞
I think I found the problem
https://github.com/discourse/discourse/commit/d6b22e6cc1b19a5279774fbe3a0138caca7918ea
do I understand right, the iframe will not be oneboxed unless whitelisted in the forum settings?
3 个赞
