Talkyard setting X-Frame-Options to deny always?
I'm at my wits end on this one. I'm running talkyard on a digital ocean server using a reverse proxy behind nginx. Everything about accessing talkyard itself works correctly (i.e. I can go to comments.mywifesblog.com fine and interact with talkyard as expected), but when she tries to add it to her blog, the embedded comments box gets blocked because the response from talkyard.mywifesblog.com sets X-Frame-Options to DENY.
I've tried everything I can think to:
- Having nginx rewrite the headers
- Trying to muck with talkyard's nginx config to rewrite/add the header as I want it
- Setting the "allow embedding from" value to every variant of her blog's URL, as well as wildcard values like "http://*"
No dice on any of them - I get DENY back every time.
Any idea what I might need to change here?
- 2 replies
I figured this out, sorry for the noise!
(it was a combination of the wrong settings on my nginx reverse proxy and me not thinking to Ctrl-F5 when I reloaded the blog page to clear the cached response headers)
- @KajMagnus closed this topic 2021-11-22 07:28:50.122Z.