Talkyard setting X-Frame-Options to deny always?

2021-11-19 05:02:02.603Z

Hi all,

I'm at my wits end on this one. I'm running talkyard on a digital ocean server using a reverse proxy behind nginx. Everything about accessing talkyard itself works correctly (i.e. I can go to comments.mywifesblog.com fine and interact with talkyard as expected), but when she tries to add it to her blog, the embedded comments box gets blocked because the response from talkyard.mywifesblog.com sets X-Frame-Options to DENY.

I've tried everything I can think to:

Having nginx rewrite the headers
Trying to muck with talkyard's nginx config to rewrite/add the header as I want it
Setting the "allow embedding from" value to every variant of her blog's URL, as well as wildcard values like "http://*"

No dice on any of them - I get DENY back every time.

Any idea what I might need to change here?

Reply

2 replies

P
@Paycho
2021-11-19 05:21:48.003Z
I figured this out, sorry for the noise!

(it was a combination of the wrong settings on my nginx reverse proxy and me not thinking to Ctrl-F5 when I reloaded the blog page to clear the cached response headers)
Reply
1. KajMagnus @KajMagnus
  core-dev
  support-team
  2021-11-22 07:28:45.915Z
  Ok :- ) Thanks for the update. I guess I'll close this issue then.
  
  Hmm, maybe there could be a tips to reload the blog using Ctrl+F5, after one has edited the Allow embedding from setting.
  Reply
Progress
@KajMagnus closed this topic 2021-11-22 07:28:50.122Z.

Reply (discussion)Add progress note