Jump to content

Formbuilder Forms are blocked ERR_BLOCKED_BY_RESPONSE


Recommended Posts

Hi everybody

On site where I use a form built with formbuilder that worked just fine until very recently. I use the embed option A (easy embed) where you simply put a tag in the text, where you want to show the form.

All of a sudden, the form isn't displayed any more. Instead ther is the blocked-by-response error or a similar message.

How can this be fixed?

Thank you for help.

Link to comment
Share on other sites

You should be able to see more details in the browser's developer console telling you why exactly your browser thinks it mustn't display that part. If the messages in the error console don't give you a clue, you should inspect what happens over the network in your developer console. The most likely explanation for that behavior outside of CSP/CORS headers would be that PW for some reason uses a different domain or http vs. https in the request for the form contents in the embedded iframe.

  • Like 2
Link to comment
Share on other sites

24 minutes ago, joe_ma said:

So far I haven't done anything. Where ore how do I adjust these?

So it probably isn't this then, but for reference these are set either in headers returned by the server, or sometimes in HTML in the head section of your page.  Headers come either from PHP or from the Apache2 set up - in the .htaccess or apache config files.

  • Like 1
Link to comment
Share on other sites

It says:

Quote

Refused to display 'https://www.domain.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

But It certainly IS the same origin, as the form was built within the same pw site.

Link to comment
Share on other sites

The same origin policy has to match on the domain, port and protocol. So the host page and the iframe source need to be https, on port 443 (by default) on www.domain.com

For reference: and only if you actually need to add an exception to the X-Frame-Options header, you'll probably need to edit the root .htaccess file in your pw install to allow it.

  • Like 1
Link to comment
Share on other sites

I know it's a little counter intuitive, but domain.com !== www.domain.com => not the same origin.

Yet it sounds like your server headers are explicitly telling the browser not to load an iframe if it doesn't come from the same origin.

  • Like 1
Link to comment
Share on other sites

Simplest way to test is to edit your root .htaccess in the PW install directory and comment out the X-Frame-Options line (just start the line with a hash character '#') and save the .htaccess file, then clear cache and reload the page in your browser. If it works, then this is the issue and you'll either need to add an exception to the .htaccess to allow frame loading from www.domain.com or re-add the line and fix this a different way to ensure the source and iframe both load from domain.com (or both load from www.domain.com)

  • Like 1
Link to comment
Share on other sites

OK; when this is commented out, the form is displayed.

The console throws another error though:

Quote

Uncaught DOMException: Permission denied to access property "document" on cross-origin object

regarding two lines in formbuilder.js that are dealing with the size of the viewport.

Link to comment
Share on other sites

Quote

I know it's a little counter intuitive, but domain.com !== www.domain.com => not the same origin

Oh, I see! There is a difference indeed. The site is https://domain.com and the form gets loaded from https://www.domain.com. When I add the www for the site, the form is displayed.

So I set htacces rewrite to always use https://domain.com without www.

It looks, like it should work.

Thank you very much for your help!

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...