huangwb8
commented
2 years ago I also got similar problem. The link could be visit via url in chrome, but it could not work in the iframe.
Open flossgeek opened 2 years ago
huangwb8
commented
2 years ago I also got similar problem. The link could be visit via url in chrome, but it could not work in the iframe.
tcitworld
commented
2 years ago X-Frame-Options is a HTTP header, not a CSP policy. It's an old way to do exactly the same than the frame-ancestors, restricting which websites can embed a page.
Nextcloud sets it by default to SAMEORIGIN, meaning that only the same domain or subdomains from the website can embed it.
This app needs to set the header value to ALLOW when producing the response.
flossgeek
commented
2 years ago Alright, thanks. So it's up to @rookie0 to solve it? :) I'm wondering though how seemingly many people are able to use this app without problems.
Hello, thanks for the great work! This app is exactly what I need (at least, if it works). I have followed all your instructions, but nextcloud still seems to prevent embedding the files in external sites. In a normal browser tab it works perfectly, so that shouldn't be the problem I suppose. I added the domain in which I want to embed a file to the CSP policy as Frame Ancestor with the following app: https://apps.nextcloud.com/apps/csp_editor.
I would expect everything should work now, but unfortunately it doesn't. Any idea what could be going wrong?