Quantcast
Channel: Mattermost Discussion Forums - Latest posts
Viewing all articles
Browse latest Browse all 25778

How can we load Mattermost in iframe?

$
0
0

I have successfully (it appears) embedded Mattermost in an iframe. I run the Mattermost Docker image with a nginx reverse proxy in front.

Be aware that by doing this you are decreasing the level of security of your site.

Mattermost uses a set of HTTP headers in addition to a JavaScript trick to prevent embedding/clickjacking.

In nginx I strip out the two relevant HTTP headers:

    location / {
        # Disable gzip due to https://bugs.debian.org/773332
        gzip off;
        # Enable WebSockets:
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_pass http://localhost:8065/;
        include /etc/nginx/proxy_params;

        # Mattermost does not allow embedding by default, so we strip out the header that restricts it:
        proxy_hide_header    Content-Security-Policy;
        proxy_hide_header    X-Frame-Options;
    }

The JavaScript is located in the /mattermost/mattermost/web/templates/head.html file.

Somewhat early in the file there is a snippet
<style id="antiClickjack">body{display:none !important;}</style>
Comment that out by adding <!-- and --> around it and you should be good!


Viewing all articles
Browse latest Browse all 25778

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>