MyBB Community Forums

MyBB Community Forums > Resources > MyCodes > iframe code forbidden?
Full Version: iframe code forbidden?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Palf

2016-08-08, 09:32 PM
Hi, 
I'm currently trying to add a new Mycode to my forums for Soundcloud embedding. Everytime I try and add the code including 'iframe' and then save it such as:
<iframe width="100%" height="166" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=$1"></iframe>

 I get the error page below:
 ''Forbidden

You do not have permission to access this document.'' 

I'm running:
[mybb 1.8.7] and [php 5.4.4.5]
any ideas why I'm getting this error, could it be a problem with the host? the Mycode saves fine if its the older flash replacement code, but I understand Soundcloud no-longer support flash and now use HTML5, hence why I need to use the iframe code.

Any ideas please? Big Grin

thankyou.

Palf

2016-08-15, 10:10 PM
Bump, please help Big Grin

meetdilip

2016-08-16, 12:09 AM
iframe would need HTML enabled in editor. Did you check ?

Nathan Malcolm

2016-08-16, 12:49 AM
It's likely mod_security or something detecting it as an attack. You need to contact your host.

bekti

2016-08-16, 02:40 AM
That's right, contact your host, that's a false alarm in your hosting

Palf

2016-08-18, 09:38 PM
I can confirm I've resolved this issue now, it was infact Mod_security, a HTML filter blocking it, so thankyou very much for suggesting that.

stryderunknown

2016-09-07, 07:39 AM
On a similar topic:
in HTML5  iframes had a sandbox attribute added to try and further security, since any flash file or feed can potentially be exploited X-Script.

While technically Mybb 1.8.# isn't HTML5, browsers are forgiving enough to allow you use snippets to hybrid.

Below is a breakdown of what I've done, hopefully it will be helpful to someone else.

I added to the css3.css in themes:

.maxvidsize{
 width:85%;
}

.video-container {
 position: relative;
 padding-bottom: 56.25%; /* 16:9 */
 padding-top: 25px;
 height: 0;
}

.video-container iframe,
.video-container object,
.video-container embed {
    position: absolute;
    top: 0;
    left: 0;
    width: 100%;
    height: 100%;
}

I changed out the video_youtube_embed template to:
<div class="maxvidsize">
<div class="video-container">
<iframe width="560" height="315" src="https://www.youtube.com/embed/{$id}" frameborder="0" allowfullscreen sandbox="allow-same-origin allow-scripts"></iframe>
</div>
</div>
<a href="https://www.youtube.com/watch?v={$id}" target="_blank" title="External Link to youtube video"><i class="fa fa-fw fa-external-link"></i> https://www.youtube.com/watch?v={$id}</a>

This set's up the youtube video's to be in a sandbox (further security tightening is possible, so feel free to experiment)  
It's suppose to maintain ratio while scaling (for mobile platforms) but I wasn't able to test it fully.

It also automatically places a link at the bottom of the video.  This is actually necessary as if you are using a browser with security settings rigged to reduce tracking, video's won't actually show unless you follow the link directly (Iframes are blocked).

(You might notice with the link I was also using Fontawesome.  If you aren't using that, then just remove the < i> tag.)

With a bit of editing it should be easy enough to convert it to other video sites.
MyBB Community Forums > Resources > MyCodes > iframe code forbidden?