Closed ELCourtez closed 2 years ago
I am not using Castopod myself... Can you test this brench see if it fixes the issue?
sudo yunohost app upgrade castopod -u https://github.com/YunoHost-Apps/castopod_ynh/tree/nginx
I have a message castopod is already up-to-date and no changes have been applied
Maybe the app version into the manifest file has to be incremented for this upgrade to take effect ?
admin@woodphant:/etc/nginx/conf.d $ sudo yunohost app upgrade castopod -u https://github.com/YunoHost-Apps/castopod_ynh/tree/nginx
Info: Now upgrading castopod...
Success! castopod is already up-to-date
Success! Upgrade complete
just use the option --force
sudo yunohost app upgrade castopod -u https://github.com/YunoHost-Apps/castopod_ynh/tree/nginx --force
After upgrade this is still KO, I corrected as you can see below
# Add headers to serve security related headers
#more_set_headers "Strict-Transport-Security: frame-ancestors http://*:* https://*:*";
more_set_headers "Content-Security-Policy : frame-ancestors http://*:* https://*:*";
I am having this same issue. Tried to edit as above reply still nogo.
Okay, I investigated this a bit and even though the twitter card validator does not work, sharing on twitter generates the correct OpenGraph Card. To get the episode to play inline on twitter, the "X-Frame-Options" header needs to be disabled because the default nginx configuration adds this header with the value "SAMEORIGIN"
The required line to be added is:
more_clear_headers 'X-Frame-Options';
This will make the inline player work on twitter. Do note that for some reason you cannot validate the URL on opengraph.xyz
or cards-dev.twitter.com
but the OpenGraph cards do work properly on all websites I have tested (Facebook, LinkedIn, Twitter)
(I also disabled the SSOWAT panel cause it was annoying)
@ericgaspar do you want me to open a PR with the patch I have mentioned along with upgrading to the latest version?
Describe the bug
When share an episode link on Twitter, the Twitter Card Player does not display properly (this issue does not occur with Castopod instances not hosted with Yunohost)
Context
Steps to reproduce
Expected behavior
Player displays properly and episode can be play from Twitter directly
Logs
Response HTTP headers, the issue comes from the header in italic-bold
Provisional resolution (probably not applicable for all configurations)
more_set_headers "Content-Security-Policy : frame-ancestors http://*:* https://*:*";