Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Cannot embed board iframe to websites (WordPress, Nimbus Note)

    Kanboard
    embed
    3
    4
    179
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Aizat
      Aizat last edited by girish

      Hi,
      I have encountered an issue:
      I cannot embed the public link as an iframe.
      What I did:
      Make my board public, copy the URL into Nimbus note, (it has an iframe block, so just input the URL). But it showed me this error:
      "This URL is not supported or invalid. Contact us if you think that this URL can be embedded."

      I checked the console and it says:
      Error: Request did not return embed and URL is not supported iframe render.

      I contacted their support and they said that the link is not supported. I tried on WordPress, and it did not work either. I tried embedding other links from other websites and it works. (I checked the header in my WordPress and it should work).

      So I did a research on Github, I found this:
      https://github.com/kanboard/kanboard/issues/834

      It was suggested that I need to disable the "X-Frame-Options (see below): DENY" HTTP header like that (in the config.php), but I cannot find it in my Cloudron's file manager.

      // Enable or disable "Strict-Transport-Security" HTTP header
      define('ENABLE_HSTS', false);

      // Enable or disable "X-Frame-Options: DENY" HTTP header
      define('ENABLE_XFRAME', false);

      Can anybody help, or suggest a workaround, please?
      Thank you so much in advance.

      murgero 1 Reply Last reply Reply Quote 0
      • murgero
        murgero App Dev @Aizat last edited by

        @aizat I believe you also need to update 61b6f53d-dfaf-4970-af1c-63bd97e82ff9-image.png right?

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~
        Matrix: @murgero:urgero.org

        1 Reply Last reply Reply Quote 1
        • nebulon
          nebulon Staff last edited by

          I don't think HSTS plays any role here. The X-Fame-Options header is kind of obsoleted by the ContentSecurityPolicy as mentioned in https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options. So what @murgero mentions here is probably the right place to tweak, but note that those settings may also be set in the html meta tags by the app itself and can override what the reverse proxy sets in the headers (this is what you specify via the Cloudron dashboard)

          1 Reply Last reply Reply Quote 2
          • Aizat
            Aizat last edited by Aizat

            Thank you both @murgero @nebulon
            I applied this in the Kanboard app security's tab in Cloudron:

            frame-ancestors https://link-of-the-target-website.com;

            Now it works! 😄

            1 Reply Last reply Reply Quote 3
            • First post
              Last post
            Powered by NodeBB