3568.    User: Anonymous   Post date: 2022/05/08(Sun) 17:49:13           
visiting ayashii from the frames menu on heyuri.net doesn't work for me anymore, not sure why... (´ー`)
3570. >Anonymous-san   User: kaguya   Post date: 2022/05/08(Sun) 17:56:55              
> visiting ayashii from the frames menu on heyuri.net doesn't work for me anymore, not sure why... (´ー`)

Not sure why either (;´Д`)

Reference: 2022/05/08(Sun) 12:49:13
3572. >kaguya-san   User: Anonymous   Post date: 2022/05/08(Sun) 18:14:16           
> > visiting ayashii from the frames menu on heyuri.net doesn't work for me anymore, not sure why... (´ー`)
> Not sure why either (;´Д`)

https://support.mozilla.org/en-US/kb/xframe-neterror-page?as=u&utm_source=inproduct

"If you see this error, it is usually caused by a misconfigured website 
that is trying to display another website without the consent of its 
owner."

"Websites can use x-frame options or a content security policy to 
control if other websites may embed them on their own pages. This is an 
important security feature to prevent clickjacking, which is an attack 
that allows malicious sites to trick users into clicking links on a 
site."

Basically, something with the board's configuration has changed that 
is blocking other sites from embedding it. It's a security protection, 
but... the secure web is boring! (;´Д`)

I suspect line 706 in index.php/bbs.php is the culprit:

    function sethttpheader() {
        header('Content-Type: text/html; charset=UTF-8');
        header("X-XSS-Protection: 1; mode=block");
        header('X-FRAME-OPTIONS:DENY');
    }

Try commenting out the X-FRAME-OPTIONS line, and if it still doesn't 
work after that, the X-XSS-Protection line (that one should be fine 
though)

Reference: 2022/05/08(Sun) 12:56:55
3574. >Anonymous-san   User: kaguya   Post date: 2022/05/08(Sun) 18:50:50              
> > Not sure why either (;´Д`)
> https://support.mozilla.org/en-US/kb/xframe-neterror-page?as=u&utm_source=inproduct
> "If you see this error, it is usually caused by a misconfigured website 
> that is trying to display another website without the consent of its 
> owner."
> "Websites can use x-frame options or a content security policy to 
> control if other websites may embed them on their own pages. This is an 
> important security feature to prevent clickjacking, which is an attack 
> that allows malicious sites to trick users into clicking links on a 
> site."
> Basically, something with the board's configuration has changed that 
> is blocking other sites from embedding it. It's a security protection, 
> but... the secure web is boring! (;´Д`)
> I suspect line 706 in index.php/bbs.php is the culprit:
>     function sethttpheader() {
>         header('Content-Type: text/html; charset=UTF-8');
>         header("X-XSS-Protection: 1; mode=block");
>         header('X-FRAME-OPTIONS:DENY');
>     }
> Try commenting out the X-FRAME-OPTIONS line, and if it still doesn't 
> work after that, the X-XSS-Protection line (that one should be fine 
> though)

THX , it properly works now (゚ー`)

Reference: 2022/05/08(Sun) 13:14:16
4 posts found. ←Return