@DV-JF opened this Issue on September 27th 2017

Hi,

I've installed Piwik 3.1.1 in a subfolder like this "https://www.example-one.com/piwik" Everything works fine on this domain, bit when I try to include the iframe for "opt-out" from a different domain eg. "https://www.example-two.com/" I only get an empty iframe.

Refused to display 'https://www.example-one.com/piwik/index.php?module=CoreAdminHome&action=optOut&language=de' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

I've asked my hoster to set X-Frame-Options to allow www.example-two.com but this is not possible :-(

I've also tried to set enable_framed_settings=1 enable_framed_pages=1 in the config.ini.php but with no result.

Is there a workarround for this problem?

Many greets!

@mattab commented on October 2nd 2017 Member

I've also tried to set enable_framed_settings=1 enable_framed_pages=1 in the config.ini.php but with no result.

Did you add below the [General] section?

and if you create a 'test.html' file and open it with developer console do you see a HTTP header setting x-frame-options in the response?

@DV-JF commented on October 2nd 2017

This is how my config.ini.php looks like:

[General]
salt = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
enable_framed_settings=1
enable_framed_pages=1
trusted_hosts[] = "www.example-two.com"
trusted_hosts[] = "https:// www.example-two.com/"

I'm still getting the error message:
Refused to display 'https://www.example-one.com/analyse/index.php?module=CoreAdminHome&action=optOut&language=de' in a frame because it set 'X-Frame-Options' to 'sameorigin'

and if you create a 'test.html' file and open it with developer console do you see a HTTP header setting x-frame-options in the response?

Where should I create this file on example-one.com/analyse/ ?

@mattab commented on October 3rd 2017 Member

you could try adding the "example-one.com" in a new trusted_hosts entry as well if Piwik runs off there too?

Where should I create this file on example-one.com/analyse/ ?

yes

@mattab commented on June 18th 2019 Member

Hi there, to fix the issue can you try upgrade to the latest Matomo version?
https://matomo.org/docs/update/

if you still experience this issue afterwards, please re-open this and post a comment. Thanks!

@forreggbor commented on July 2nd 2019

Hi.

I have a domain where my Matomo runs from: analitika.mydomain.com
I have a main website: mydomain.com

This is the config.ini.php:
[General]
force_ssl = 1
enable_framed_pages = 1
enable_framed_settings = 1
trusted_hosts[] = "analitika.mydomain.com"
trusted_hosts[] = "https://analitika.mydomain.com"
trusted_hosts[] = "mydomain.com"
trusted_hosts[] = "https://mydomain.com"

I'd like to embed the privacy opt-out iframe on mydomain.com but I get this error message:
Refused to display 'https://analitika.mydomain.com/index.php?module=CoreAdminHome&action=optOut&language=hu&backgroundColor=&fontColor=&fontSize=&fontFamily=' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

I have Matomo version 3.10.0 installed.

Any idea?

@tsteur commented on July 2nd 2019 Member

@forreggbor do you have any third party plugin installed? It should use allow AFAIK as x-frame-option value with Matomo 3.10

@forreggbor commented on July 2nd 2019

I have the following plugins installed and activated:

Actions (Core)
Annotations (Core)
BotTracker (v1.03)
BulkTracking (Core)
Contents (Core)
CustomPiwikJs (Core)
CustomVariables (Core)
Dashboard (Core)
DeviceNetworkInformation(v3.0.3)
DevicePlugins (Core)
DevicesDetection (Core)
Diagnostics (Core)
Ecommerce (Core)
Events (Core)
ExcludeByDDNS (v3.0.0)
Feedback (Core)
GeoIp2 (Core) Beállítások
Goals (Core)
Heartbeat (Core)
HidePasswordReset(v1.3.3) Beállítások
ImageGraph (Core)
Insights (Core)
IntranetMeasurable (Core)
Live (Core)
LogViewer (v3.0.4)
Login (Core) Beállítások
Marketplace (Core)
MobileAppMeasurable(Core)
MobileMessaging (Core)
Monolog (Core)
MultiSites (Core)
Overlay (Core)
PrivacyManager (Core) Beállítások
Provider (Core)
Referrers (Core)
ReferrersManager (v3.0.4)
Resolution (Core)
RssWidget (Core)
SEO (Core)
ScheduledReports (Core)
SegmentEditor (Core)
Tour (Core)
Transitions (Core)
TreemapVisualization(v3.1.1)
TwoFactorAuth (Core) Beállítások
UserCountry (Core)
UserCountryMap (Core)
UserId (Core)
UserLanguage (Core)
VisitFrequency (Core)
VisitTime (Core)
VisitorInterest (Core)
VisitsSummary (Core)
WhiteLabel (v3.3.7) Beállítások
Widgetize (Core)

This Issue was closed on June 18th 2019
Powered by GitHub Issue Mirror