kiwix / kiwix-tools

Command line Kiwix tools: kiwix-serve, kiwix-manage, ...
https://download.kiwix.org/release/kiwix-tools/
GNU General Public License v3.0

search request gets blocked in Chrome and in Firefox with NS_ERROR_XFO_VIOLATION #692

Closed wsdookadr closed 2 months ago

wsdookadr commented 2 months ago

If I serve the zim file directly on a custom port, no nginx, everything works fine.

The problem only occurs when kiwix-serve runs behind an nginx reverse proxy that is SSL-enabled.

I've set up a docker-compose file to serve a zim file:

    user@perm1:~/serve-zim$ cat docker-compose.yml
    services:
      z1:
        image: ghcr.io/kiwix/kiwix-tools:3.7.0
        container_name: z1
        restart: always
        ports:
          - 9711:8083
        volumes:
          - /home/nas/zim:/zim
        entrypoint: 'kiwix-serve -r "/zdevops" -i 0.0.0.0 --threads 10 --port 8083 /zim/devops-tools/zim/big.zim'

I've set up an nginx reverse proxy:

    location /zdevops/ {
        proxy_pass http://0.0.0.0:9711/zdevops/;
    }

Now Firefox says the following:


Firefox Can’t Open This Page

To protect your security, [...] will not allow Firefox to display the page if another site has embedded it. To see this page, you need to open it in a new window.

This is directly related to the iframe that loads the search results or web pages from the ZIM archive. If I try to open a tab with the page directly, that works great, but if I try to use the kiwix-serve web app to search for it in the browser, I can't see the search results.

I've attached some screenshots below:

![firefox-kiwix-search](https://github.com/user-attachments/assets/2493a05c-fce6-4efd-ada3-1890f37736b4)

![chrome-kiwix-search](https://github.com/user-attachments/assets/627cbf58-e2e9-4d1d-a181-43629aec4fb3)

wsdookadr commented 2 months ago

It looks like my nginx config was missing `add_header X-Frame-Options SAMEORIGIN always;` inside the location block.

Maybe this can be added to the docs.
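
A way to check a proxied response's headers against the X-Frame-Options rules browsers apply to the viewer's iframe, as an added example that is not part of the thread or of kiwix-tools. It follows the HTML Standard's X-Frame-Options processing, simplified to a single parent frame and enforced CSP only; the host name and content URL are constructed.

```python
# Added example: would a browser let parent_url frame this response?
from urllib.parse import urlsplit

# Constructed sample URLs: hypothetical host, "/zdevops" prefix from the issue.
VIEWER = "https://example.org/zdevops/"
CONTENT = "https://example.org/zdevops/content/big/index"


def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


def framing_allowed(headers, parent_url, framed_url):
    """headers: (name, value) pairs of the framed response.

    Returns True/False for the X-Frame-Options verdict, or None when a CSP
    frame-ancestors directive is present and X-Frame-Options is ignored.
    """
    xfo = set()
    for name, value in headers:
        lname = name.lower()
        if lname == "content-security-policy":
            directives = [d.strip().lower() for d in value.split(";")]
            if any(d.split()[:1] == ["frame-ancestors"] for d in directives):
                return None  # decided by CSP, not by X-Frame-Options
        elif lname == "x-frame-options":
            # Repeated headers and comma-separated values are combined.
            xfo.update(v.strip().lower() for v in value.split(",") if v.strip())
    if len(xfo) > 1:
        # Conflicting values: blocked if any recognised token is among them.
        return not (xfo & {"deny", "sameorigin", "allowall"})
    if xfo == {"deny"}:
        return False
    if xfo == {"sameorigin"}:
        return origin(parent_url) == origin(framed_url)
    return True  # no header, or a single unrecognised value


if __name__ == "__main__":
    for hdrs in ([("X-Frame-Options", "DENY")],
                 [("X-Frame-Options", "SAMEORIGIN")],
                 [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")]):
        print(hdrs, "->", framing_allowed(hdrs, VIEWER, CONTENT))
```

Feed it the header pairs from a request to a content URL made through the proxy; two differing X-Frame-Options values on one response block framing even when one of them is SAMEORIGIN.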