Rich-text Reply

Unable to load page

rahulw 03-23-16

Unable to load page

I am trying to set up optimizely test for zeropainnow.com site. Before one month i set up tests which were fine. But now when I am trying to set a/b test and click on editor i get unable to load site error even if I click on loas unsafe script. Can someone show me right direction?

appretiate your help. Thanks in advance.

 

Level 1

DavidS 03-24-16
 

Re: Unable to load page

Hi rahulw,

 

Thanks for reaching out to Optimizely Support!

 

Here are some steps to ensure that the page has the best chance of loading into the editor using Google Chrome:

1. Enable Mixed Content to allow unsecured pages to load into the Editor.
2. Install the Optimizely Chrome Extension to allow pages that refuse to load in iframes to load into the Editor's iframe.

Those two steps should force nearly any page to load into the Editor.

 

If this is doesn't work, could you try loading the page using Mozilla Firefox? Also, please keep in mind that you will need to enable mixed content in Firefox to allow the page to load in the Visual Editor.

 

I hope that is helpful. Feel more than free to reply back with any additional questions at all.

 

Best,
David

 

Optimizely

Re: Unable to load page

I am having the same issue in Safari...am suggestions?

DavidS 03-29-16
 

Re: Unable to load page

Hi JsscaCollier,

 

Thanks for reaching out!

I understand that you are having an issue with loading your page in the Visual Editor from Safari. 

 

I tested loading your site into the Optimizely Editor and found that it didn't load due to a security setting on your site. Your site has an X-FRAME-OPTIONS header set which means that it can't be loaded inside an iframe on another domain (for example, app.optimizely.com).

X-FRAME-OPTIONS is a deprecated security feature that has since been replaced by Content Security Policies that allow for fine-grained control over which pages can iframe yours, among many other features. So, if you replace your X-FRAME-OPTIONS header with Content Security Policies, you'll be able to whitelist app.optimizely.com.

 

---

Full Solution (recommended) - Here's how you can switch to Content Security Policies:

If you're not using Content Security Policies for anything else yet, ask your developers to remove the X-FRAME-OPTIONS header and replace it by the following CSP header:

Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com;

This will mirror the security X-FRAME-OPTIONS provided you. If you're already using Content Security Policies for other purposes, you'll need to merge your existing rules with the one above.

To be able to load your pages in the Optimizely editor, make sure to add the frame-ancestors directive for app.optimizely.com. To make sure all of Optimizely's functionality for your visitors works correctly, make sure to allow 'unsafe-inline' and 'unsafe-eval'.

---

Temporary Workaround - Optimizely Helper Chrome Extension:

With that said, we know the changes above can take some time with your development team, so we have built a Google Chrome Extension that should allow users with x-frame options errors to load their sites in the Optimizely Editor. This works, but obviously isn't ideal for your larger team: every new user will run into the same problem which will make first-time use of Optimizely a bad first experience for them.

This will also mean that you will have to use Chrome to load your website in the Visual Editor. 

 

Let me know if you are still experiencing issues or if there is anything else that I can do to help.


Best,
David

Optimizely