0

I'm trying to add some pages from my site www.drewgl.com to stumbleupon. It is very dependent on javascript. When I view my site through stumbleupon the javascript gets blocked. Specifically, I see the error:

Uncaught SecurityError: Blocked a frame with origin "http://www.drewgl.com" from accessing a frame with origin "http://www.stumbleupon.com". Protocols, domains, and ports must match

I'm using rails 4 deployed to heroku. I have my X-frame options set to allow all. I read through the answers here: SecurityError: Blocked a frame with origin from accessing a cross-origin frame and it seems as if the only way to get around this issue is to use window.postmessage to send messages between the two pages. To do this, however, you must own both pages.

Of course, this condition cannot be met with Stumbleupon, so how can I get around the issue?

Edit: I just downloaded the stumbleupon toolbar for chrome. After doing this, I no longer get the above error message. Either way I'd still like to fix this problem for stumblers that don't have the toolbar.

Community
  • 1
  • 1
Drew Lilley
  • 17
  • 4

2 Answers2

1

Rails app not loading on StumbleUpon? Add this to your ApplicationController

  before_action :allow_iframe_requests

private

  def allow_iframe_requests
    response.headers.delete('X-Frame-Options')
  end

https://github.com/rails/rails/issues/6311

Jay Gabez
  • 75
  • 1
  • 6
0

Figured it out. If anyone's curious, you're not allowed to access the current path from within an iframe. This chunk of code was causing the issue:

//     if (top.location.pathname === '/users/sign_in')
// {
//     $('#login').modal('show');
// }
Drew Lilley
  • 17
  • 4