On all my browsers Firefox, Chrome + Chrome Mobile, Edge and IE the embedded Opt Out iFrame is not working…it´s only white space.
Other iFrames from different sources are working fine.
Piwik Script is getting integrated into my website with Haeder-Footer-Plugin…works fine.
I don´t want to use more Plugins like "WP-Matomo (WP-Piwik) + Matomo web analytics application.
Any solution for that?
Best Regards
Lukas
(Lukas Winkler)
April 26, 2018, 1:43pm
2
Hi,
Can you check if the <iframe>
has a propper closing </iframe>
tag?
The latest version has a bug where it is missing, which may causes your issue.
It has already been solved and will be included in the next release.
Actually the code given by the code generator did not had a proper closing…I added it manually.
1 Like
I closed it with : </iframe>
…
<iframe style="border: 0; height: 200px; width: 600px;" src="https://piwik.website.de/index.php?module=CoreAdminHome&action=optOut&language=de&backgroundColor=ffffff&fontColor=ff0000&fontSize=17px&fontFamily=Hind" width="300" height="150"></iframe>
Adding for example a youtube iFrame works fine!
But even with the propper closing tag it is not working!
Lukas
(Lukas Winkler)
April 26, 2018, 2:22pm
7
Hi,
Can you maybe send me an link to the page. I can’t think of a reason at the moment.
It should be visible here:
Dein Online Golfshop für ganz besonderes Golfzubehör. Golfballfinder, LED Nachtgolf-Ausrüstung, Golfhandschuhe, Pitchgabeln und Golfbälle.
Lukas
(Lukas Winkler)
April 26, 2018, 2:29pm
9
Hi,
You are using a JS library which tries to lazy-load the iframe (I think).
But this isn’t the issue.
Your Matomo instance is sending X-Frame-Options: sameorigin
(You probably added it once in your webserver config together with the XSS
-Headers. But as the Website and the Matomo instance are not on the same origin (different domains), the website isn’t allowed to embed the iFrame.
So you’ll need to change the header.
fdellwing
(Fabian Dellwing)
April 26, 2018, 2:34pm
10
Oh and please don’t use X-Frame-Options
because it is unflexibel. Instead use a proper CSP like this:
Header always append Content-Security-Policy: "frame-ancestors 'self' *.golfball-uhu.de"
Hmmm is there an manual how to do that!?
fdellwing:
X-Frame-Options
I have no idea what this X-Frames-Options are!???
fdellwing
(Fabian Dellwing)
April 26, 2018, 2:38pm
13
This header is most likely set in a .htaccess file or the apache vhost. Do you have shell access to your document root?
How did I do that??? No idea
As I said, the Piwik Code is added with the Header-Footer-Plugin…that´s it. Piwik is installed in the database of the main domain
www.golfball-uhu.de
and is getting used for
www.golfball-uhu.de
and
shop.golfball-uhu.de
fdellwing:
shell access
FTP-access…that´s what I have…shell???
fdellwing
(Fabian Dellwing)
April 26, 2018, 2:42pm
16
So, no is the correct answer.
As you have only ftp access, your sites are hosted by a shared hoster?
fdellwing
(Fabian Dellwing)
April 26, 2018, 2:45pm
18
Than please write a support ticket (if possible) asking your hoster to replace the X-Frame-Origin: sameorigin
header with Content-Security-Policy: "frame-ancestors 'self' *.golfball-uhu.de"
for your domain piwik.golfball-uhu.de
.
1 Like
How do I get a support ticket? I´m new here
fdellwing
(Fabian Dellwing)
April 26, 2018, 2:56pm
20
A support ticket to your hoster