Was something changed on the Pale Moon forum website beginning around 12:00 UTC Friday that now prevents using the website view mode in Netvibes, which now indicates it prevents embedding via iframe per attached ss? Choosing "reader view" vs. "web site view" renders unstyled text content of individual posts without thread continuity of viewing earlier or later posts and excludes any inline images, so it is much less efficient and visually pleasing in this case.
I've never had this problem in 4+ years prior to yesterday and whatever was changed also affects other browsers on both Win 7 and Linux. Any ideas on how to resolve (revert) this, MC?
Website now prevents embedding via iframe
Re: Website now prevents embedding via iframe
Yes, something was indeed changed.
Framing the Pale Moon forum is no longer allowed. This was changed on purpose to prevent clickjacking and similar attacks.
I can see if it's possible to allow netvibes' reader as an exception, but no promises.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Website now prevents embedding via iframe
I've added a CSP directive that should allow netvibes. Unfortunately CSP is very annoying to implement on a forum with lots of external and internal content intermixed, but this should work.
Re: Website now prevents embedding via iframe
Unfortunately it hasn't made any difference. Is there a setting I can change regarding OCSP certificate validation or elsewhere? Or, is there another feed reader you might suggest that isn't adversely affected by this additional defense? I've never experienced anything adverse security-wise (if that is the attack vector it aims to prevent) after years of usage. In less than a day I already miss the convenience, not to mention a general resistance to change that diminishes outcome.
Re: Website now prevents embedding via iframe
OCSP != CSP
They are completely different things.
Unfortunately I don't know how netvibes tries to request the page (from what domain) so that makes it impossible to get the correct CSP policy in place.
It's also possible netvibes only checks the X-Frame-Options header and refuses to collect data if it's set restrictive (ignoring CSP in that case).
I've removed the CSP policy again since it's not working, but I do insist on preventing the forum from being framed inside other websites.
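Added example, not part of any post in this thread: a small model of how a current browser decides whether a page may be framed when both X-Frame-Options and a CSP frame-ancestors directive are sent, next to a hypothetical consumer that reads only X-Frame-Options (the possibility raised in the last reply). The function names and the forum.example / reader.example origins are placeholders, not the forum's real configuration.

```javascript
// Added example. Models a single CSP header and a single embedding ancestor;
// ports and paths inside source expressions are not handled.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null; // directive absent
}

function sourceAllows(source, embedder, page) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedder.origin === page.origin;
  if (s === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return embedder.protocol === s; // scheme source, e.g. https:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/);
  if (!m) return false; // unsupported source form: fail closed
  const [, scheme, wildcard, host] = m;
  const schemeOk = scheme
    ? embedder.protocol === scheme + ":"
    : embedder.protocol === page.protocol || embedder.protocol === "https:";
  // "*.host" covers subdomains only, never the bare host itself.
  const hostOk = wildcard ? embedder.hostname.endsWith("." + host) : embedder.hostname === host;
  return schemeOk && hostOk;
}

function xfoAllows(xfo, embedder, page) {
  const v = (xfo || "").trim().toUpperCase();
  if (v === "DENY") return false;
  if (v === "SAMEORIGIN") return embedder.origin === page.origin;
  return true; // absent, or obsolete ALLOW-FROM, which current browsers ignore
}

// Browser model: when frame-ancestors is present it is enforced and X-Frame-Options is ignored.
function browserAllowsFraming(headers, embedderUrl, pageUrl) {
  const embedder = new URL(embedderUrl), page = new URL(pageUrl);
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) return sources.some((s) => sourceAllows(s, embedder, page));
  return xfoAllows(headers["x-frame-options"], embedder, page);
}

// Hypothetical consumer that inspects only X-Frame-Options.
function xfoOnlyAllowsFraming(headers, embedderUrl, pageUrl) {
  return xfoAllows(headers["x-frame-options"], new URL(embedderUrl), new URL(pageUrl));
}

// Constructed sample headers and origins.
const PAGE = "https://forum.example/viewtopic.php", READER = "https://www.reader.example/dashboard";
const sample = { "x-frame-options": "SAMEORIGIN", "content-security-policy": "frame-ancestors 'self' https://*.reader.example" };
console.log(browserAllowsFraming(sample, READER, PAGE), xfoOnlyAllowsFraming(sample, READER, PAGE));
```

With the sample headers the browser model permits the reader origin while the X-Frame-Options-only consumer refuses it, so an exception written in frame-ancestors has no effect on a client of the second kind.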