1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RM 1.1 Issue uploading resource or images for resource posting in Opera 26.

Discussion in 'Resource Manager Support' started by rainmotorsports, Nov 25, 2014.

  1. rainmotorsports

    rainmotorsports Well-Known Member

    I was using Opera v26 to test an alternate account with my main logged into Chrome. I could not get either resources or the images for the post to upload properly. Had no issues uploading an attachment to a thread. Tried it again with all add-ons disabled. It would go into an ajax progress and never end. Saving the resource and looking at it again revealed the files to all have actually uploaded.

    The following is what the console output:

    Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, DENY') encountered when loading 'https://www.raindd.com/attachments/do-upload'. Falling back to 'DENY'.
    about:blank:1 Refused to display 'https://www.raindd.com/attachments/do-upload' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN, DENY'.
    jquery-1.11.0.min.js:2 Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Sandbox access violation: Blocked a frame at "https://www.raindd.com" from accessing a frame at "null". The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.

    Wasn't having the issue in Chrome. Fresh install of Opera 26. Board URL is set correct. Server forcing all traffic to www and https.
     
  2. Mike

    Mike XenForo Developer Staff Member

    I'm not sure where that X-Frame-Options: DENY is coming from. XF sets the SAMEORIGIN value.

    It looks like it's being set at the webserver level as I see it on a JS file (served directly). You will likely need to remove that for the XF directory (or at least set it to SAMEORIGIN).
     
    DeltaHF and rainmotorsports like this.
  3. rainmotorsports

    rainmotorsports Well-Known Member

    Thanks mike. It was in the config due to a common nginx recommendation. Typically filed under HTTP Strict Transport Security its actually there for anti click jacking which Xenforo already tries to handle. Sigh. Sometimes I should pay more attention.
     
    SneakyDave and DeltaHF like this.

Share This Page