SOLVED Cannot embed board iframe to websites (WordPress, Nimbus Note)
-
Hi,
I have encountered an issue:
I cannot embed the public link as an iframe.
What I did:
Make my board public, copy the URL into Nimbus note, (it has an iframe block, so just input the URL). But it showed me this error:
"This URL is not supported or invalid. Contact us if you think that this URL can be embedded."I checked the console and it says:
Error: Request did not return embed and URL is not supported iframe render.I contacted their support and they said that the link is not supported. I tried on WordPress, and it did not work either. I tried embedding other links from other websites and it works. (I checked the header in my WordPress and it should work).
So I did a research on Github, I found this:
https://github.com/kanboard/kanboard/issues/834It was suggested that I need to disable the "X-Frame-Options (see below): DENY" HTTP header like that (in the config.php), but I cannot find it in my Cloudron's file manager.
// Enable or disable "Strict-Transport-Security" HTTP header
define('ENABLE_HSTS', false);// Enable or disable "X-Frame-Options: DENY" HTTP header
define('ENABLE_XFRAME', false);Can anybody help, or suggest a workaround, please?
Thank you so much in advance. -
@aizat I believe you also need to update
right? -
I don't think HSTS plays any role here. The X-Fame-Options header is kind of obsoleted by the ContentSecurityPolicy as mentioned in https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options. So what @murgero mentions here is probably the right place to tweak, but note that those settings may also be set in the html meta tags by the app itself and can override what the reverse proxy sets in the headers (this is what you specify via the Cloudron dashboard)
-
Thank you both @murgero @nebulon
I applied this in the Kanboard app security's tab in Cloudron:frame-ancestors https://link-of-the-target-website.com;
Now it works!
