Fixed Facebook Canvas

Mike Edge

Well-known member
Using xF inside canvas as a web app, nothing loads other then a white page. I tried with a test version of my fully working 1.1.3 version upgraded to 1.1.4 and also with a fresh 1.1.4 install. Admin back end works fine.
 
This is the clickjacking prevention. You will need to edit the ViewRenderer to remove it currently, but I'm looking at making it a config.php option in the future.
 
We actually filed a ticket on it, but found out it is possible to work around this using <Location> or <Directory> settings in the vhost file for the domain.

However, it would be great being able to configure the setting in Admin CP.
 
It's going to be config.php option because you should know why you want to disable it, as it's a security measure.

$config['enableClickjackingProtection'] = false;

Will prevent it from being triggered in 1.1.5.

Was this added to 1.1.5?
 
Top Bottom