X-Frame Origin Embed Error


(David Balderston) #1

Sorry, I know there have been other topics about this, but I cannot seem to get it figured out at this point. I have a fresh install of discourse on DigitalOcean using the App, and a Ghost blog. I have the allowed host as the root of my website, and have pasted the code into Ghost, but constantly get the "Refused to display 'http://community.howtoghost.com/embed/comments?embed_url=https%3A%2F%2Fwww.ghostforbeginners.com%2Fhosting-and-installing-ghost%2F' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'." error.

From what it looks like, since I have the host in discourse, this shouldn’t be a problem, but after a few days of trying, I cannot get it to work. Have tried both www.site.com and just site.com, neither work. Does anyone have any ideas? I would really appreciate the help.

Actual Embedded Ghost Code:

<div id='discourse-comments'></div>

<script type="text/javascript">
  DiscourseEmbed = { discourseUrl: 'http://community.howtoghost.com/',
     discourseEmbedUrl: 'https://www.ghostforbeginners.com' + {{url}} };

   (function() {
    var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
    d.src = DiscourseEmbed.discourseUrl + 'javascripts/embed.js';
    (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
  })();
</script>

Thanks,
David B


(Kane York) #2

Fill out the “cors origins” site setting with www.ghostforbeginners.com and restart the server ./launcher restart app.


(David Balderston) #3

Thank you for the reply riking. Do you make these changes in the app.yml? In the app.yml I have tried:

DISCOURSE_ENABLE_CORS: true
DISCOURSE_CORS_ORIGIN: '*'

and

DISCOURSE_ENABLE_CORS: true
DISCOURSE_CORS_ORIGIN: 'www.ghostforbeginners.com'

and

DISCOURSE_ENABLE_CORS: true
DISCOURSE_CORS_ORIGIN: 'www.ghostforbeginners.com*'

and a few others like including https and what not.

None of which change the outcome. Still get the same x-frame problem. I tried adding them under the env: section, and also near the bottom with no change.


(Kane York) #4

Well, that should have worked as well.


(David Balderston) #5

Any other ideas by chance? It seems like Discourse is restarting, but is it possible it isn’t taking the configs for whatever reason?


(DD) #6

Hi I Tried multiple option by adding into app.yml. But its not working. Still throwing error "

Refused to display ‘http://162.188.21.09:8080/’ in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’.
"

Actually I’m trying to render ‘http://162.188.21.09:8080/’ in iframe local host.

env:
** DISCOURSE_DB_PASSWORD: ‘discourse’**
** DISCOURSE_ENABLE_CORS: true**
** DISCOURSE_CORS_ORIGIN: http://162.188.21.09:8080/’**

How to fix it.?


(Mittineague) #7

I think you would be better off coming up with a different approach


(Adi Adi) #8

Can you tell us how to do it if we want to integrate it in my website ?


(Mittineague) #9

If I wanted to include Discourse content into a non-Discourse site I would use either the RSS or JSON or both.


(Adi Adi) #10

Do you have any reference so I can get more info how to do it and to identify pros/cons for my requirement ?


(Adi Adi) #11

Like demo or integration steps ?
thnks


(DD) #12

Hey Guys,
Its working now, I forgot to rebuild the app.
./launcher rebuild app.