search

trustpilot / plugin-magento2

Magento 2 plugin for sending invitation data to Trustpilot
MIT License
10 stars 27 forks source link

TrustBox Preview only for default Luma Theme #26

Closed bst2002git closed 5 years ago

bst2002git commented 5 years ago

Need to put Trustboxes on other Theme. I'v multiple Shops/StoreViews with different Themes, i can not put TrustBoxes on it.

vilgro commented 5 years ago

Need to put Trustboxes on other Theme. I'v multiple Shops/StoreViews with different Themes, i can not put TrustBoxes on it.

Can you please give us short description on that? What exactly doesn't work?

bst2002git commented 5 years ago

Hello, see also #28.

First on one (i'v multiple Website/StoreViews) "Web Site" it says: "Magento\Framework\Exception\NoSuchEntityException): The store that was requested wasn't found. Verify the store and try again." i must choose a "Store View" to get it work. Second every Website has a different base-URL. The Admin-Url (admin.mymagento-install.com) is the first Url == Default Config == Main-WebSite and is always different to the other Website/Storeview-Urls, so the default (and not removable) Magento-Security Option: X-Frame-Options : SAMEORIGIN does not allow to load the Website/Storeview with the url shop.companyAA.com into the Frame on the Magento Admin-Backend with the Admin-Url (you can have only one per Magento install) admin.mymagento-install.com

dukeimg commented 5 years ago

Hi @bst2002git

Magento\Framework\Exception\NoSuchEntityException

We recently changed the way we get the scope. Please let us know if you still have an issue with it on 2.6.439

does not allow to load the Website/Storeview with the url shop.companyAA.com into the Frame

I assume you're talking about TrustBox preview. I also see from #28 that you disabled X-Frame-Options : SAMEORIGIN on your end, but you still can't drop the TrustBox on the preview page. This is because we have our own same-origin check in event listeners. But even if we remove this check, you would still get an error like this:

Blocked a frame with origin "https://example.com" from accessing a cross-origin frame.

This will happen because of all major browsers same-origin policy

For your case the workaround would be to login to the admin page under the same domain as the storefront has.