X-Frame Origin Embed Error

Support
1

Sorry, I know there have been other topics about this, but I cannot seem to get it figured out at this point. I have a fresh install of discourse on DigitalOcean using the App, and a Ghost blog. I have the allowed host as the root of my website, and have pasted the code into Ghost, but constantly get the "Refused to display 'http://community.howtoghost.com/embed/comments?embed_url=https%3A%2F%2Fwww.ghostforbeginners.com%2Fhosting-and-installing-ghost%2F' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'." error.

Screen Shot 2015-11-07 at 12.49.22 PM.png2370Ɨ1318 137 KB

From what it looks like, since I have the host in discourse, this shouldnā€™t be a problem, but after a few days of trying, I cannot get it to work. Have tried both www.site.com and just site.com, neither work. Does anyone have any ideas? I would really appreciate the help.

Actual Embedded Ghost Code:

<div id='discourse-comments'></div>

<script type="text/javascript">
  DiscourseEmbed = { discourseUrl: 'http://community.howtoghost.com/',
     discourseEmbedUrl: 'https://www.ghostforbeginners.com' + {{url}} };

   (function() {
    var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
    d.src = DiscourseEmbed.discourseUrl + 'javascripts/embed.js';
    (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
  })();
</script>

Thanks,
David B

2

Fill out the ā€œcors originsā€ site setting with www.ghostforbeginners.com and restart the server ./launcher restart app.

1 Like
3

Thank you for the reply riking. Do you make these changes in the app.yml? In the app.yml I have tried:

DISCOURSE_ENABLE_CORS: true
DISCOURSE_CORS_ORIGIN: '*'

and

DISCOURSE_ENABLE_CORS: true
DISCOURSE_CORS_ORIGIN: 'www.ghostforbeginners.com'

and

DISCOURSE_ENABLE_CORS: true
DISCOURSE_CORS_ORIGIN: 'www.ghostforbeginners.com*'

and a few others like including https and what not.

None of which change the outcome. Still get the same x-frame problem. I tried adding them under the env: section, and also near the bottom with no change.

4

Well, that should have worked as well.

1 Like
5

Any other ideas by chance? It seems like Discourse is restarting, but is it possible it isnā€™t taking the configs for whatever reason?

6

Hi I Tried multiple option by adding into app.yml. But its not working. Still throwing error "

Refused to display ā€˜http://162.188.21.09:8080/ā€™ in a frame because it set ā€˜X-Frame-Optionsā€™ to ā€˜SAMEORIGINā€™.
"

Actually Iā€™m trying to render ā€˜http://162.188.21.09:8080/ā€™ in iframe local host.

env:
** DISCOURSE_DB_PASSWORD: ā€˜discourseā€™**
** DISCOURSE_ENABLE_CORS: true**
** DISCOURSE_CORS_ORIGIN: http://162.188.21.09:8080/ā€™**

How to fix it.?

7

I think you would be better off coming up with a different approach

8

Can you tell us how to do it if we want to integrate it in my website ?

9

If I wanted to include Discourse content into a non-Discourse site I would use either the RSS or JSON or both.

10

Do you have any reference so I can get more info how to do it and to identify pros/cons for my requirement ?

11

Like demo or integration steps ?
thnks

12

Hey Guys,
Its working now, I forgot to rebuild the app.
./launcher rebuild app.

1 Like
13

I solved it using this pluginā€¦

https://github.com/somoza/discourse-xorigin/blob/master/plugin.rb

14

Can you plese provide steps as to how to install and use the plugin.

1 Like
15

@Det Hereā€™s a guide on Discourse plugins: How to create a Discourse plugin