[SOLVED] Rich onebox stopped working


#1

I noticed the onebox for my website stopped working on the discourse forum I am visiting. It was working in 1.8.x but now the forum has been updated to 1.9.3 and my oneboxes are no longer working. I checked on try.discource.org and it is the same. The onebox urls look like this:

https://metr.at/r/CF1go

My website returns following oembed

{
  "version":"1.0",
  "type":"rich",
  "width":600,
  "height":400,
  "title":"metr",
  "html":"<iframe src=\"https://metr.at/r/CF1go?oembed=true\" width=\"600\" height=\"400\"
    frameborder=\"0\"></iframe>",
  "provider_name":"metr.at",
  "provider_url":"https://metr.at"
}

I went through commit history in onebox github and found 407fd0b8d6d41956e2400efc1918ace255aecd37 “Security: sandbox iframes, add rel to abs anchors”

Can it be that my onebox fails because of iframe and security? Is there something I can do?


(Jay Pfaffman) #2

I suspect that it is the iframe. Can you remove it?


#3

I can not remove the iframe because the whole onebox is the iframe. If I remove it, there will be nothing left.


(Gerhard Schlager) #4

Discourse 1.8 uses onebox 1.8.12 and the commit you referenced was already part of that version. So, it must be something else. If your problem is caused by changes to the onebox gem, it should be one of the 79 commits: https://github.com/discourse/onebox/compare/e9164ee70186f87d2f2197de37a3a43f1274a060...master


#5

iframely is totally happy by the way Iframely URL Debugger - Open Graph, Twitter Cards, oEmbed


#6

I think I found the problem

do I understand right, the iframe will not be oneboxed unless whitelisted in the forum settings?


(RĂ©gis Hanol) #7

That’s exactly right :+1:


(RĂ©gis Hanol) #8