Fixed Facebook Canvas

[Mike Edge]

Using xF inside canvas as a web app, nothing loads other then a white page. I tried with a test version of my fully working 1.1.3 version upgraded to 1.1.4 and also with a fresh 1.1.4 install. Admin back end works fine.

 

[Mike]

This is the clickjacking prevention. You will need to edit the ViewRenderer to remove it currently, but I'm looking at making it a config.php option in the future.

 

[Mike Edge]

Where is this ViewRenderer located?

 

[Mike]

library/XenForo/ViewRenderer/Abstract.php

Remove the X-Frame-Options line (line 54).

 

[SchmitzIT]

We actually filed a ticket on it, but found out it is possible to work around this using <Location> or <Directory> settings in the vhost file for the domain.

However, it would be great being able to configure the setting in Admin CP.

 

[Mike]

It's going to be config.php option because you should know why you want to disable it, as it's a security measure.

$config['enableClickjackingProtection'] = false;

Will prevent it from being triggered in 1.1.5.

 

[Mike Edge]

It's going to be config.php option because you should know why you want to disable it, as it's a security measure.

$config['enableClickjackingProtection'] = false;

Will prevent it from being triggered in 1.1.5.

Was this added to 1.1.5?

 

[Mike]

Yes.