Embedding WP posts from others website doesn’t work as expected

  • Resolved Cafeine

    (@cafeine)


    7 years, 7 months ago

    So, I spent way too much time on this, because I wasn’t sure what the problem was. I still don’t but I’m sure it’s not my website now. ??

    Problem:
    Embedding a WP post (direct link in visual editor) still doesn’t work as expected in A LOT of case. I still only get a link if it’s from another website.

    – In every case, embedding work if the link is from the same website.
    – if the link is from another website, even from the same server : link instead of the embed.
    – In some rare cases, not even a link.
    – And now, the big final WTF element: I found a couple of random blogs in my tests and THEY DID WORK on my site. Crazy. On 15 others links from well-known WP sites: nothing was embedded…

    I tried to deactivate the shortcode embed option in Jetpack. Deactivate jetpack. Nothing change. On a side note, whoever came up with the new UI for jetpack, hiding most of the modules: BAD. IDEA. 30 min lost to hunt them in the debug menu. Hated you.

    I’m lost here, it could be a server config thing, a WP bug, a jetpack bug (less likely), but I asked 3 friends to try on their WP install = same problem. Fire your ideas but I think we can say at this point that THEIR IS a problem. ??

    Thanks for your help.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Please provide a link to a page on your site where we can see this. Thanks.

    Thread Starter Cafeine

    (@cafeine)

    I made a page to test that for you.

    Asiavibes / Cafzone /Geekzone are on the same server. The rest is random, known WP installs.

    And yes ONE russian blog does work. *scratching head*

    Pics of the admin:

    https://www.dropbox.com/s/onajzfrsjfszafs/WP%20Embed%201.png?dl=0
    https://www.dropbox.com/s/k4xq5lsptf2q0f5/WP%20Embed%202.png?dl=0

    Note how some of them are not even links in the admin BUT are parsed as link on the site…

    • This reply was modified 7 years, 7 months ago by Cafeine.
    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Lots of errors in the console, but this appears to be due to an iframe orgin blocks:

    Specifically,
    efused to display 'https://www.asiavibes.info/2017/04/eyedi-best-mistake-acoustic-ver/embed/#?secret=523902X7Kd' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

    That site does not want to be embedded.

    All errors:

    Mixed Content: The page at 'https://www.geekzone.fr/testing-embeds/' was loaded over HTTPS, but requested an insecure resource 'https://www.numerama.com/pop-culture/247318-power-rangers-le-film-pour-les-adultes-qui-etaient-des-enfants-en-1994.html/embed/'. This request has been blocked; the content must be served over HTTPS.
about:blank:1 Mixed Content: The page at 'https://www.geekzone.fr/testing-embeds/' was loaded over HTTPS, but requested an insecure resource 'https://www.radiokawa.com/combien-kawa-coute-mars-2017/embed/'. This request has been blocked; the content must be served over HTTPS.
a1e4f.default.include.f62845.js:9 JQMIGRATE: Migrate is installed, version 1.4.1
a1e4f.default.include.f62845.js:2 Uncaught Error: Syntax error, unrecognized expression: a[href=#?secret=tMBJELcjvg]
    at Function.fa.error (https://www.geekzone.fr/wp-content/cache/minify/a1e4f.default.include.f62845.js:2:12733)
    at fa.tokenize (https://www.geekzone.fr/wp-content/cache/minify/a1e4f.default.include.f62845.js:2:18786)
    at fa.compile (https://www.geekzone.fr/wp-content/cache/minify/a1e4f.default.include.f62845.js:2:21417)
    at fa.select (https://www.geekzone.fr/wp-content/cache/minify/a1e4f.default.include.f62845.js:2:22125)
    at fa (https://www.geekzone.fr/wp-content/cache/minify/a1e4f.default.include.f62845.js:2:7320)
    at Function.fa.matches (https://www.geekzone.fr/wp-content/cache/minify/a1e4f.default.include.f62845.js:2:12062)
    at Function.n.filter (https://www.geekzone.fr/wp-content/cache/minify/a1e4f.default.include.f62845.js:2:23855)
    at a.fn.init.n.fn.(anonymous function) [as children] (https://www.geekzone.fr/wp-content/cache/minify/a1e4f.default.include.f62845.js:2:27078)
    at https://www.geekzone.fr/wp-content/cache/minify/a1e4f.default.include-footer.cb15e1.js:187:6
    at HTMLDocument.<anonymous> (https://www.geekzone.fr/wp-content/cache/minify/a1e4f.default.include-footer.cb15e1.js:189:4)
(index):1 Refused to display 'https://www.cafzone.net/2014/03/smooth-k-pop-dredi/embed/#?secret=iJ5Hb2jSPo' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
(index):1 Refused to display 'https://www.cafzone.net/2014/05/du-rap-vole-sky-hi/embed/#?secret=JrmCZCyJUe' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
www.cafzone.net/2014/03/smooth-k-pop-dredi/embed/#?secret=iJ5Hb2jSPo Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE
(index):1 Refused to display 'https://www.asiavibes.info/2017/04/dreamcatcher-good-night/embed/#?secret=ONPXELHX94' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
www.cafzone.net/2014/05/du-rap-vole-sky-hi/embed/#?secret=JrmCZCyJUe Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE
www.asiavibes.info/2017/04/dreamcatcher-good-night/embed/#?secret=ONPXELHX94 Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE
(index):1 Refused to display 'https://www.asiavibes.info/2017/04/eyedi-best-mistake-acoustic-ver/embed/#?secret=523902X7Kd' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
www.asiavibes.info/2017/04/eyedi-best-mistake-acoustic-ver/embed/#?secret=523902X7Kd Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE
    Thread Starter Cafeine

    (@cafeine)

    Damn, so server settings it is. Gnnnnn. I’ll report here what I find, It may help another user. ??

    Thanks for the tip.

    Thread Starter Cafeine

    (@cafeine)

    OK. FIXED. So, what was the problem? NGINX security settings related to X-frame. They were doing their job, and still are. But we found how to “whitelist” some stuff so we can embed our different websites into each other.

    But it means this feature needs some tweaking to be safer and work “by default” for everyone. As it is, you can’t embed anything besides your own content, if the server you want to embed stuff from is properly secured.

    You can read this for more information.

    URLs intended to embedded in an iframe include an X-WP-embed: true header, which you can detect in nginx and remove the X-Frame-Options: SAMEORIGIN rule for that case.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Embedding WP posts from others website doesn’t work as expected’ is closed to new replies.

Tags