Since we upgraded to 1.7 the widgets we embedded in a separate reporting site aren’t loading because the widget page now has a header, X-Frame-Options: sameorigin.
Was this an intentional change? How can I get my reporting site working again?
Since we upgraded to 1.7 the widgets we embedded in a separate reporting site aren’t loading because the widget page now has a header, X-Frame-Options: sameorigin.
Was this an intentional change? How can I get my reporting site working again?
The link you pointed me to says, “If you wish to include widgets in your website or app, we recommend you use the standard “Widgets” mechanism.”
That’s what I’m doing. I am using widgets just like always. It worked in version 1.6 but not in 1.7. You can test this by going to widgets in an installation selecting an example, and copy the code from embed iframe then put that in an html page in another domain. It doesn’t work because it’s not same domain.
Thanks for the report, you are right this was a regression introduced in 1.7: apply this patch: http://dev.piwik.org/trac/changeset/5917
and it should work. 1.7.1 to be released very soon
I wish I had discovered this before you created the update, but unfortunately I just found it. If you “Widgetize the full dashboard,” then the X-Frame-Options header is still included.
It appears widgets related to goals also return the X-Frame-Options header.