Skip to content

Markdown preview doesn't work #1409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
nhooyr opened this issue Mar 11, 2020 · 6 comments
Closed

Markdown preview doesn't work #1409

nhooyr opened this issue Mar 11, 2020 · 6 comments
Labels
bug Something isn't working

Comments

@nhooyr
Copy link
Contributor

nhooyr commented Mar 11, 2020

#296 (comment)
@nhooyr nhooyr added the bug Something isn't working label Mar 11, 2020
@nhooyr nhooyr mentioned this issue Mar 11, 2020
Closed
@nhooyr
Copy link
Contributor Author

nhooyr commented Mar 11, 2020

Seems to be an iframe issue #296 (comment)

Maybe related to #1401

@ViRb3
Copy link

ViRb3 commented Mar 12, 2020
edited
Loading

Apologies, the problem was in an inherited nginx config:

# XSS
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

Everything works after I cleared those headers. Feel free to close this issue.

@nhooyr nhooyr closed this as completed Mar 12, 2020
@nhooyr
Copy link
Contributor Author

nhooyr commented Mar 12, 2020

Glad you figured it out.

@jgsun
Copy link

jgsun commented Sep 12, 2021

Apologies, the problem was in an inherited nginx config:

# XSS
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

Everything works after I cleared those headers. Feel free to close this issue.

I am wondering how to or where to clear those headers? Thanks you very mucy!

@miramar-labs
Copy link

It's still happening in the latest builds - any chance you could elaborate on the 'fix' mentioned above ?

@ViRb3
Copy link

ViRb3 commented Apr 8, 2022

I have a global nginx config called tls.conf which sets the following "security" headers:

# XSS
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

These cause requests to be blocked by the browser while using code-server, resulting in the issue here. To fix it, simply don't set or clear the three headers mentioned above. For example:

server {
    server_name foo.bar;

    location / {
        # override from tls.conf
        # required for Markdown preview
        add_header X-Frame-Options "";
        add_header X-Content-Type-Options "";
        add_header X-XSS-Protection "";

        proxy_pass http://code-server:8080;
    }

    listen 443 ssl http2;
    include presets/tls.conf;
}

Hope this makes sense.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@miramar-labs @ViRb3 @nhooyr @jgsun