[SOLVED] Embedding an AppEngine-hosted web app via IFRAME

(Emmanuel Schanzer) #1

Hi all - I’m new to Discourse, and just figuring things out. We run a large computer science education nonprofit, and are looking to move our online teacher discussions from Google Groups to Discourse.

I’ve successfully embedded other cloud-based tools into topics already, by:

  1. Whitelisting their domains
  2. Making a new topic
  3. Using <iframe src="<whitelisted domain>"></iframe> in the body of the topic

However, I’ve been unable to embed our own cloud-based IDE. The IFRAME shows up blank. A quick trip to the developer tools shows that the http request went out, but was denied with error 307 - Internal Redirect (see attached screenshot). My theory is that this is happening because our domain points to an AppEngine instance, so a redirect is happening behind the scenes and Discourse is blocking it for security reasons. Evidence to support this theory: embedding the AppEngine instance itself works, but using the domain doesn’t.

Since we periodically update the instance, it’s very important that the normal URL works. I’ve searched through other topics on the forum to no avail. Anyone got any advice for a n00b?

Thanks in advance!


(AppyBuilder) #2


  1. why are you using the version number? You can simply use your application id which will, by default point to active version
  2. What type of ago are you hosting in app engine? Are you just trying to have your discourse to have a link to your app engine app? If so, check my forum at community.AppyBuilder.com. make sure you are viewing in desktop mode. If in desktop mode, you’ll see a puzzle block Icon at top right. Clicking on it will open our app engine app. Check and see if that’s what you are looking for

(Matt Palmer) #3

This doesn’t look like a Discourse problem. If you fix the URL you’re embedding to not cause a 307, everything will probably work a lot better. Interestingly, the “307 Internal Redirect” is reportedly issued when Chrome is asked to load a HTTP resource for a domain for which it has an HSTS policy active. However, in your case the headers suggest that it’s already a HTTPS URL, so presumably there’s also other cases where Chrome does the same thing. Either way, though, this isn’t a problem with Discourse, it’s a browser/embedded site problem.

(Emmanuel Schanzer) #4
  1. No, I’m not using the version number. As I wrote: I am using the appID, and embedding www.wescheme.org. The fact that the version number works and the appID doesn’t suggests the problem is with the AppEngine redirect.
  2. No, I’m not trying to link. As I wrote: I am trying to embed my AppEngine app inside a Discourse post, using iframe.

(Emmanuel Schanzer) #5

I agree that the URL is problematic, but the problem only happens with discourse. The URL by itself works perfectly in a browser tab, and I’ve been able to embed it using IFRAMEs elsewhere. If it works everywhere else, something tells me there’s a discourse-specific interaction effect happening.

I could use a little help in tracking down the issue. Surely some discourse user has tried to embed an AppEngine app at some point, no?

(Matt Palmer) #6

That link is different to the one in the screenshot you provided earlier. Perhaps that’s related to the problem?

(Emmanuel Schanzer) #7

Good catch! However, it’s the same domain - with the same result.

(Emmanuel Schanzer) #8

Problem solved! It turns out that some of the resources being loaded by the IFRAME were being loaded via HTTP. The no-referrer-when-downgrade error was the hint that something fishy was going on.

Now we can embed our IDE inside Discourse posts - which will be a HUGE boon to teachers who have questions about the programming activities in the curriculum. Thanks so much to everyone who chimed in to help! I’ve attached a screenshot of a working demo.