Cross origin framing does not work from 2.6 on


#1

Hello,

iframe from piwik does not show up when empedded on a different domain since update to 2.6
Tried with 2.7 b1 and still doesn’t work.

checked the response headers from the piwik iframe and it says:
x-frame-options: sameorigin

May it be that the following is missing?

<?php header('X-Frame-Options: GOFORIT'); ?>

Thanks


#2

I don’t know if this is a new feature added, but after looking at the source code I found out what you have to do to make the iframe working again.

In the config.ini.php I set
[General]
enable_framed_settings = 1
enable_framed_pages = 1

and now the opt-out iframe shows again on all the websites.

Was this newly added? If yes, maybe the opt-out frame should be excluded from this rule or the default setting of above values shouldn’t be 0?

Thanks.


(Matthieu Aubry) #3

Thanks for report. see bug report Allow opt-out to be shown within an iframe on other domains by Guite · Pull Request #6132 · matomo-org/matomo · GitHub


#4

Okay thank you. Didn’t find that :frowning: