Issue: Xenforo - Can't upload files, Multiple 'X-Frame-Options' headers with conflicting values

Issue Tools
- View Changes

May 11, 2015 9:05 AM

redway

New Member

Xenforo - Can't upload files, Multiple 'X-Frame-Options' headers with conflicting values

Unable to upload any files in our VaultWiki install due to the above error.

Hopefully the error from the console displays OK below.

Our install of VaultWiki over at https://speakev.com is currently being tested. We are unable to upload any files, receiving the following error regarding x-frame-option headers.

Any help?

Code:

[Error] Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, DENY') encountered when loading 'https://speakev.com/index.php?wiki-ajax/&c=upload'. Falling back to 'DENY'. (about:blank, line 0)
[Error] Refused to display 'https://speakev.com/index.php?wiki-ajax/&c=upload' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN, DENY'. (about:blank, line 0)
[Error] Sandbox access violation: Blocked a frame at "https://speakev.com" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
	DEFAULT_GETTER (yui_loader.php, line 19)
	_get (yui_loader.php, line 19)
	get (yui_loader.php, line 19)
	_uploadComplete (yui_loader.php, line 1)
	(anonymous function) (yui_loader.php, line 1)
	_notify (yui_loader.php, line 4)
	notify (yui_loader.php, line 4)
	_notify (yui_loader.php, line 3)
	_procSubs (yui_loader.php, line 3)
	fireSimple (yui_loader.php, line 3)
	_fire (yui_loader.php, line 3)
	fire (yui_loader.php, line 3)
	fn (yui_loader.php, line 7)
[Error] TypeError: undefined is not an object (evaluating 's.one')
	_uploadComplete (yui_loader.php, line 1)
	(anonymous function) (yui_loader.php, line 1)
	_notify (yui_loader.php, line 4)
	notify (yui_loader.php, line 4)
	_notify (yui_loader.php, line 3)
	_procSubs (yui_loader.php, line 3)
	fireSimple (yui_loader.php, line 3)
	_fire (yui_loader.php, line 3)
	fire (yui_loader.php, line 3)
	fn (yui_loader.php, line 7)

Issue Details

Issue Number 4292

Issue Type Bug

Project VaultWiki 4.x Series

Category Attachments

Status Not a Bug

Priority 1 - Security / Login / Data Loss

Affected Version 4.0.3

Fixed Version (none)

Milestone (none)

Software DependencyAny

License TypePaid

Users able to reproduce bug 0

Users unable to reproduce bug 0

Attachments 0

Assigned Users (none)

Tags attachments, www.animefans.tv

May 11, 2015 11:18 AM

pegasus

VaultWiki Team

It looks like your server is configured to send an X-Frame-Options header with a DENY value. This suggests that no frames or functionality that relies on frames will work on your server (were you able to run the installation in auto-mode, or did you have to click through each step at a time?)

You should remove the code that sends the X-Frame-Options: Deny header, since you already send SAMEORIGIN (or it is implied) which should be secure enough.

VaultWiki does not send this header. We cannot send one to override your server's header, because it would result in the error you posted.

Reply
May 11, 2015 11:20 AM

redway

New Member

Hello, thanks for the quick reply. I'll check that as we SHOULD only have same origin, not deny, set anywhere in the configuration.

I'll report back my findings!

Thanks again!

Reply
May 11, 2015 2:32 PM

redway

New Member

Super, this is sorted and was a server configuration issue. Thanks so much for the quick response and pointers!

Reply

+ Reply

All times are GMT -4. The time now is 11:38 AM.

This site uses cookies to help personalize content, to tailor your experience, and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Learn more… Accept Remind me later

Welcome to VaultWiki.org, home of the wiki add-on for vBulletin and XenForo!

Issue: Xenforo - Can't upload files, Multiple 'X-Frame-Options' headers with conflicting values

Issue Tools