Latest Posts

Topic: French forum unavailable from widelands.fr

Vassili
Avatar
Topic Opener
Joined: 2013-10-12, 19:19
Posts: 169
Ranking
At home in WL-forums
Location: France
Posted at: 2016-09-02, 01:32

https://wl.widelands.org/forum/forum/7/ does not work anymore from my website.

A copy-paste of the url work (or an "open in new tab").

Did i must take that like a DRM specially made for me?

Edited: 2016-09-02, 01:33

Top Quote
SirVer

Joined: 2009-02-19, 15:18
Posts: 1445
Ranking
One Elder of Players
Location: Germany - Munich
Posted at: 2016-09-02, 07:24

We did not change any deployment lately afaik. I do not know why something on your website did break, but I think it unlikely that it is something we did. And if so, than by accident. Could you describe your problem in more detail?


Top Quote
Vassili
Avatar
Topic Opener
Joined: 2013-10-12, 19:19
Posts: 169
Ranking
At home in WL-forums
Location: France
Posted at: 2016-09-02, 07:30

Without deep inspection certainly above my knowledge, with tools like BURP! proxy for look HTTP request, i do not think.

Go on widelands.fr, click on forum, choose the first option (or the third), and you will see what i'm talking about: a blank page.


Top Quote
SirVer

Joined: 2009-02-19, 15:18
Posts: 1445
Ranking
One Elder of Players
Location: Germany - Munich
Posted at: 2016-09-02, 08:29

My browsers shows this error when I do that:

Refused to display 'https://wl.widelands.org/forum/forum/7/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

I think this could be due to Django, a quick Google search showed up this: https://docs.djangoproject.com/en/1.10/ref/clickjacking/. Not sure if that is the underlying issue.


Top Quote
Vassili
Avatar
Topic Opener
Joined: 2013-10-12, 19:19
Posts: 169
Ranking
At home in WL-forums
Location: France
Posted at: 2016-09-02, 08:33

It's exactly what i was thinking.. a frame blocker from your side.

So Django do this by default, it's not your choice? (the page you linked is not clear for me, you must set it but it's default...)

What is your browser and how do you get the error message?

Edited: 2016-09-02, 08:36

Top Quote
SirVer

Joined: 2009-02-19, 15:18
Posts: 1445
Ranking
One Elder of Players
Location: Germany - Munich
Posted at: 2016-09-02, 08:54

Vassili wrote:

It's exactly what i was thinking.. a frame blocker from your side.

yup, looks like this came with the django update. It apparently is a security feature, but I know too little about it. Why are you serving Widelands.org in an iframe instead of linking to the site?

So Django do this by default, it's not your choice? (the page you linked is not clear for me, you must set it but it's default...)

No, seems to be a default setting.

What is your browser and how do you get the error message?

Chrome - I see it in the dev tools section.


Top Quote
kaputtnik
Avatar
Joined: 2013-02-18, 20:48
Posts: 2433
OS: Archlinux
Version: current master
Ranking
One Elder of Players
Location: Germany
Posted at: 2016-09-02, 09:01

This was introduced by the code update to Django 1.8. I did not know that your site uses frames for displaying the forum and i tried to use all security relevant things which django provides. See also https://en.wikipedia.org/wiki/Clickjacking

We have to decide if we disable Clickjacking protection at all or partially.


Fight simulator for Widelands:
https://wide-fighter.netlify.app/

Top Quote
Vassili
Avatar
Topic Opener
Joined: 2013-10-12, 19:19
Posts: 169
Ranking
At home in WL-forums
Location: France
Posted at: 2016-09-02, 09:04

Ok


Top Quote
GunChleoc
Avatar
Joined: 2013-10-07, 15:56
Posts: 3324
Ranking
One Elder of Players
Location: RenderedRect
Posted at: 2016-09-02, 12:13

Vassili, would you be happy to link to the forum here rather than embedding it on your site? I think that might be the solution that causes the least trouble technically.


Busy indexing nil values

Top Quote
Vassili
Avatar
Topic Opener
Joined: 2013-10-12, 19:19
Posts: 169
Ranking
At home in WL-forums
Location: France
Posted at: 2016-09-02, 17:07

So, i will put a link to widelands.org somewhere, and no longer redirect to your forum, so i will do mine...


Top Quote