Render Iframe from a Gitpod server
mateusfg7 opened this issue · comments
I'm coding my website from online gitpod IDE, when I start my server, the gitpod container localhost:3000
is mapped to something like this: https://3000-mateusfg7-mateusfcom-44ov2ffb9ry.ws-us107.gitpod.io/
.
But when I try to render the Giscus iframe, the website shows this error:
The github.com connection was refused
And on console it shows this error:
Refused to frame 'https://github.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
I was thinking that is something related with origins
, so I added this line on my giscus.json
:
{
"origins": [
"https://www.mateusf.com",
"https://www.mateusf.vercel.app/",
"https://www.mfg-b-mateusfg7.vercel.app/",
"https://mateusf.com",
"https://mateusf.vercel.app/",
"https://mfg-b-mateusfg7.vercel.app/"
],
"originsRegex": [
"https://mateusf-([A-z0-9]|-)*mateusfg7\\.vercel\\.app",
+ "https://[0-9]+-mateusfg7-mateusfcom-[A-Za-z0-9]+\\.ws-[A-Za-z0-9]+\\.gitpod\\.io",
"http://localhost:[0-9]+"
]
}
But the error persists. What can I do?
The problem was with the branch that I was saving the giscus.json
changes to. It was not the default branch.
When I saved the new regexOrigin
in the default branch of my repository, the iframe started rendering again.
Yep, only giscus.json
in the default branch is used, in case you have different branches.
I added a redirect to #1298 in #1299 if the origin
is disallowed, because people kept misusing this repo's discussions to test their projects. Before the redirect was introduced, you would see "giscus.app refused to connect", and some people would open the iframe's URL in a separate tab which bypasses the protection.