my original issue is... i'm getting facebook dialog error: an error ocurred. please try again later.
the thing solving issue installing chrome extension...
ignore x-frame headers (https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe)
so suspect due browser content policy..
tested on: chrome , safari
os: mac osx 10.10
server: localhost/nodejs
i try solve issue installing browser-policy
package , setup...
server/policy.js
meteor.startup(function () { browserpolicy.framing.allowall(); browserpolicy.content.allowinlinescripts(); browserpolicy.content.alloweval(); browserpolicy.content.allowinlinestyles(); browserpolicy.content.allowdataurlforall(); browserpolicy.content.allowsameoriginforall(); }); browserpolicy.framing.allowall(); browserpolicy.content.allowinlinescripts(); browserpolicy.content.alloweval(); browserpolicy.content.allowinlinestyles(); browserpolicy.content.allowdataurlforall(); browserpolicy.content.allowsameoriginforall();
however come issue: external resources (font, javascript facebook sdk, etc) couldn't loaded due violating content security policy..
summary
i need drop x-frame-options response headers,, allowing iframed facebook,, either use browser policy or not... , of course without forcing users install extension...
any appreciated... thank youu,,
you can set response header of requests coming server following value
"x-frame-options", "allow-from samedomain, www.facebook.com/myfbsite"
you can globally setting header via filter
Comments
Post a Comment