amp-iframe 内的 amp 页面上的 Disqus [英] Disqus on an amp page inside an amp-iframe
问题描述
我尝试在 amp 文档上实现 Disqus.我的想法是使用 amp-iframe它加载一个只包含 Disqus 的小文档.我用过这个放大器框架
I try to implement Disqus on an amp document. My idea is to use an amp-iframe which loads a small document which only contains Disqus. I used this amp frame
<amp-iframe width="300" height="300"
layout="responsive"
sandbox="allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-scripts"
resizable
frameborder="0"
seamless
src="/disquss/name-of-blog-post">
<div overflow tabindex=0 role=button aria-label="Read more">more!</div>
</amp-iframe>
然而,chrome 引发了内容安全策略违规:
However, chrome throws a content security policy violation:
拒绝加载脚本'https://a.disquscdn.com/next/embed/lounge.load.f3e1717b65a56e548d656e504'因为它违反了以下内容安全策略指令:"script-src https://.twitter.com:https://api.adsnative.com/v1/ad.json *.adsafeprotected.comhttps://cas.criteo.com/delivery/0.1/napi.jsonp .services.disqus.com:http://referrer.disqus.com/juggler/ disqus.com http://.twitter.com:a.disquscdn.com https://referrer.disqus.com/juggler/https://.services.disqus.com: *.moatads.com 'unsafe-eval'https://mobile.adnxs.com/mob https://ssl.google-analytics.com".
Refused to load the script 'https://a.disquscdn.com/next/embed/lounge.load.f3e1717b71e7256da258d3a504e56865.js' because it violates the following Content Security Policy directive: "script-src https://.twitter.com: https://api.adsnative.com/v1/ad.json *.adsafeprotected.com https://cas.criteo.com/delivery/0.1/napi.jsonp .services.disqus.com: http://referrer.disqus.com/juggler/ disqus.com http://.twitter.com: a.disquscdn.com https://referrer.disqus.com/juggler/ https://.services.disqus.com: *.moatads.com 'unsafe-eval' https://mobile.adnxs.com/mob https://ssl.google-analytics.com".
所以基本上,chrome 不会加载 https://a.disquscdn.com/next/embed/lounge.load.f3e1717b71e7256da258d3a504e56865.js
即使 a.disquscdn.com
代码> 是允许的.此限制来自 iframe disqus 的使用.当我使用原生沙盒 而不是
时,这不是问题.
So basically, chrome does not load https://a.disquscdn.com/next/embed/lounge.load.f3e1717b71e7256da258d3a504e56865.js
even though a.disquscdn.com
is allowed. This restriction comes from an iframe disqus uses. This isn't a problem when I use a native sandboxed <iframe>
instead of an <amp-iframe>
.
我想创建一个示例,但由于 iframe 结构,我不能简单地创建一个 jsfiddle.
I'd liked to create an example but because of the iframe construct i can't simply create a jsfiddle.
推荐答案
它似乎是此错误的一个实例:https://code.google.com/p/chromium/issues/detail?id=541221
It appears to be an instance of this bug: https://code.google.com/p/chromium/issues/detail?id=541221
如果使用沙箱属性,标准 iframe 也会发生同样的事情.
The same thing does happen with a standard iframe if using the sandbox attribute.
将 allow-same-origin
添加到您的沙箱定义中似乎可以解决此问题.我注意到它现在在 Firefox 中也是一样的,尽管该错误中的评论(尽管 Firefox 没有明确列出错误)它在那里工作.所以也许这就是它应该如何工作?不能说我对沙箱属性的了解足以告诉您这一点.
Adding allow-same-origin
to your sandbox definition seems to fix it. I notice it's the same in Firefox now too despite the comment in that bug (though firefox doesn't list the error as explicitly) that it works there. So maybe this is how it's supposed to work? Can't say I know enough about the sandbox attribute to tell you that.
但是,顺便说一句,我不确定这是否是个好主意.您将拥有此页面的非 AMP 版本吗?就我个人而言,我不认为仅 AMP 页面的情况,因为我认为这会限制您,因为 1) 在 AMP 中并非一切皆有可能,2) 某些客户端不会加载它(例如,如果没有 javascript,或者不了解 AMP),所以我也更喜欢有一个真正的 HTML 页面.但是,如果您确实有单独的 HTML 和 AMP 页面,那么它们将分别跟踪评论(除非您将非 AMP 页面加载到此 iframe 中并以某种方式隐藏除评论之外的所有内容 - 但这似乎完全是浪费!).
However, as an aside, I'm not sure this is such a great idea anyway. Will you be having a non-AMP version of this page? Personally I don't see the case for an AMP only page as I think this limits you since 1) not everything is possible in AMP and 2) some clients won't load this (e.g. if no javascript, or doesn't understand AMP), so I prefer to have a real HTML page too. However if you do have separate HTML and AMP pages then they will track comments separately (unless you load your non-AMP page into this iframe and somehow hide everything but the comments - but that seems a complete waste!).
因此,我目前的实现方式是向我的 AMP 页面添加一个单击此处查看评论"链接,将它们带到完整页面 - 带有评论.不是一个很好的解决方案,但至少可以将评论放在一起.
So the way I implement this at present is to add a "click here to view comments" link to my AMP pages which take them to the full page - with comments. Not a great solution but at least keeps comments together.
这篇关于amp-iframe 内的 amp 页面上的 Disqus的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!