> visiting ayashii from the frames menu on heyuri.net doesn't work for me anymore, not sure why... (´ー`) Not sure why either (;´Д`) Reference: 2022/05/08(Sun) 12:49:13
> > visiting ayashii from the frames menu on heyuri.net doesn't work for me anymore, not sure why... (´ー`) > Not sure why either (;´Д`) https://support.mozilla.org/en-US/kb/xframe-neterror-page?as=u&utm_source=inproduct "If you see this error, it is usually caused by a misconfigured website that is trying to display another website without the consent of its owner." "Websites can use x-frame options or a content security policy to control if other websites may embed them on their own pages. This is an important security feature to prevent clickjacking, which is an attack that allows malicious sites to trick users into clicking links on a site." Basically, something with the board's configuration has changed that is blocking other sites from embedding it. It's a security protection, but... the secure web is boring! (;´Д`) I suspect line 706 in index.php/bbs.php is the culprit: function sethttpheader() { header('Content-Type: text/html; charset=UTF-8'); header("X-XSS-Protection: 1; mode=block"); header('X-FRAME-OPTIONS:DENY'); } Try commenting out the X-FRAME-OPTIONS line, and if it still doesn't work after that, the X-XSS-Protection line (that one should be fine though) Reference: 2022/05/08(Sun) 12:56:55
> > Not sure why either (;´Д`) > https://support.mozilla.org/en-US/kb/xframe-neterror-page?as=u&utm_source=inproduct > "If you see this error, it is usually caused by a misconfigured website > that is trying to display another website without the consent of its > owner." > "Websites can use x-frame options or a content security policy to > control if other websites may embed them on their own pages. This is an > important security feature to prevent clickjacking, which is an attack > that allows malicious sites to trick users into clicking links on a > site." > Basically, something with the board's configuration has changed that > is blocking other sites from embedding it. It's a security protection, > but... the secure web is boring! (;´Д`) > I suspect line 706 in index.php/bbs.php is the culprit: > function sethttpheader() { > header('Content-Type: text/html; charset=UTF-8'); > header("X-XSS-Protection: 1; mode=block"); > header('X-FRAME-OPTIONS:DENY'); > } > Try commenting out the X-FRAME-OPTIONS line, and if it still doesn't > work after that, the X-XSS-Protection line (that one should be fine > though) THX , it properly works now (゚ー`) Reference: 2022/05/08(Sun) 13:14:16