Access denied for h5p content

  • sandraae

    (@sandraae)


    8 months ago

    Dear support,

    On my WordPress site https://awareness4you.de I have created some h5p quizzes I’d like to embed to other pages outside https://awareness4you.de, specifically to Elopage courses. Other users tell me that this is not a problem at all, but on my pages I get the error message that awareness4you.de has declined the access. I tried embedding the code on one of my other WordPress pages, but get the same error message. Do I have to change some settings on the WordPress installation? I am using the Neve theme if this is of any interest for the topic.

    Thanks for your help, Sandra

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author icc0rz

    (@icc0rz)

    This should not be needed. Do you have url to a page where it’s embedded and not working, or a screenshot of the error?

    Thread Starter sandraae

    (@sandraae)

    Sure, please have a look at this page: https://aengenheyster.com/h5p/

    I can see in the HTML code that some of the embed code is missing. But on the Elopage course I used the same code, other users have shown to me that it works for them.

    • This reply was modified 8 months ago by sandraae.
    Plugin Author icc0rz

    (@icc0rz)

    The site at https://awareness4you.de?has been configured to only allow embeds on the same site.

    This is controlled via the X-Frame-Options header.

    Our plugin removed this header by default for embed: https://github.com/h5p/h5p-wordpress-plugin/blob/0510e44b2ee55f70042a2532d04ddd45d8a6d249/admin/class-h5p-plugin-admin.php#L166
    However, it’s very likely that your web server/.htaccess or a different 3rdparty security plugin is overriding and setting the header again.

    Thread Starter sandraae

    (@sandraae)

    Ok, thanks. I’ll have a look to the web server settings.

    Thread Starter sandraae

    (@sandraae)

    As I cannot access the server myself, I’ve asked the support to have a look. They disabled a plugin that might have influenced the delivery of iframes and I have now added the following entries to the .htaccess:

    Header always unset X-Frame-Options

    Header set Content-Security-Policy “frame-ancestors ‘self’ https://*”

    Unfortunately it still does not work. Do you have any other idea? Thanks for your help

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Access denied for h5p content’ is closed to new replies.