iframes between concrete5 sites
Permalink
I am trying to "share" a blog between concrete5 installations so I only have to update posts in once place.
The blog was created on website A which is basically a landing page with links to regional sites.
Structure as follows:
Site A
- Site B
- Site C
I have managed to to get this to work with an iframe if I access the sites via the SiteA domain...eg SiteA.com/SiteB/Blog.
The problem is that nothing appears in the iframe if I access the regional site directly...eg SiteB.com/Blog.
After a little research I'm confident this is an issue with cross domain permissions. Does anyone have some guidance on how to get around this? Or maybe even a better way to do it?
All of the sites are hosted on the same server so I have access to all permissions and files. All sites are separate installations of concrete5 5.7.X.X
Thanks
The blog was created on website A which is basically a landing page with links to regional sites.
Structure as follows:
Site A
- Site B
- Site C
I have managed to to get this to work with an iframe if I access the sites via the SiteA domain...eg SiteA.com/SiteB/Blog.
The problem is that nothing appears in the iframe if I access the regional site directly...eg SiteB.com/Blog.
After a little research I'm confident this is an issue with cross domain permissions. Does anyone have some guidance on how to get around this? Or maybe even a better way to do it?
All of the sites are hosted on the same server so I have access to all permissions and files. All sites are separate installations of concrete5 5.7.X.X
Thanks
Thanks for the response.
I had a look at using the RSS feeds before I setup the iframe but the problem I found was any links to articles etc redirected to SiteA. Ideally I'd like user to be able to browse blog posts without leaving SiteB or SiteC.
Is there a way to do that with RSS feeds? I don't have a great understanding of them.
I had a look at using the RSS feeds before I setup the iframe but the problem I found was any links to articles etc redirected to SiteA. Ideally I'd like user to be able to browse blog posts without leaving SiteB or SiteC.
Is there a way to do that with RSS feeds? I don't have a great understanding of them.
RSS feeds are really just titles, links and summaries, it's not full content.
I'm not really sure with your iframe problem sorry, you might need to see what errors you are getting in something like Chrome's Web Developer console to debug that one.
I'm not really sure with your iframe problem sorry, you might need to see what errors you are getting in something like Chrome's Web Developer console to debug that one.
So I managed to get it sorted after talking to my server host.
The setting was actually available to me the whole time in the concrete5 config file.
Line 796 in the config file on SiteA:
What I did was comment out the x_frame_options line like this:
WORD OF WARNING.
This setting is there for a very important reason. It stops scammers grabbing your site pages and adding their own code before displaying it to users. Now in my case I don't believe there is any security concern as I am not dealing with any sensitive information. I think at the very worst a scammer could interfere with the links but it seems unlikely to me. I think it's more of an issue when there is personal information being transferred between domains (e.g. facebook)
Unless someone can give me a reason not to use this setup I'll leave it as it is.
The setting was actually available to me the whole time in the concrete5 config file.
Line 796 in the config file on SiteA:
'misc' => array( /** * Defence Click Jacking. * * @var bool|string DENY, SAMEORIGIN, ALLOW-FROM uri */ 'x_frame_options' => 'SAMEORIGIN' )
What I did was comment out the x_frame_options line like this:
'misc' => array( /** * Defence Click Jacking. * * @var bool|string DENY, SAMEORIGIN, ALLOW-FROM uri * 'x_frame_options' => 'SAMEORIGIN' */ )
WORD OF WARNING.
This setting is there for a very important reason. It stops scammers grabbing your site pages and adding their own code before displaying it to users. Now in my case I don't believe there is any security concern as I am not dealing with any sensitive information. I think at the very worst a scammer could interfere with the links but it seems unlikely to me. I think it's more of an issue when there is personal information being transferred between domains (e.g. facebook)
Unless someone can give me a reason not to use this setup I'll leave it as it is.
Hello Lemusa,
Were can I find this file now ? I am using version 5.7.5.9.
Were can I find this file now ? I am using version 5.7.5.9.
Hi Nesoor,
The file is the main config file. Concrete > Config > Concrete.php. Note that edits to this file will be overridden when you update unless you make a copy of it in the top level Config folder.
The file is the main config file. Concrete > Config > Concrete.php. Note that edits to this file will be overridden when you update unless you make a copy of it in the top level Config folder.
Hello Lemusa,
Thanks a lot ! I needed this for my editor when developing !
Thanks a lot ! I needed this for my editor when developing !
On the source site, find the rss feed for your blog, or set one up if you haven't got one yet.
You can set one up by searching for 'RSS Feeds' in the Intelligent Search. In there, you can configure a feed, giving it a handle, pick what pages types, location, etc. Then the feed is made available at yoursite.com/rss/yourfeedhandle
Then on the destination site, you can place an RSS block, pasting into it the RSS feed you've configured on the other site.
This then avoids the whole issue of iframes and the scrolly chaos that can happen. You can also create custom templates for the RSS block to style as is needed.