Widget Not Showing on Client Site

ProjectHuddle uses cross-domain communication to collect comments on all your client's websites. Most of the time, website setup goes smoothly, but sometimes you'll hit a snag and wonder why it's not functioning properly.

Verify the website URL is correct.

Ensure your client's Website URL 100% matches the site your collecting feedback. This includes http vs https.

SSL Issues

It's recommended that both your site and your client's site use SSL. It's the safest way to communicate cross-domain. In fact you can get ssl, free on your site or your client's site right now! Cloudflare offers this option for all users, free of charge, regardless of your host:

https://www.cloudflare.com/ssl/

Cross domain communication can get tricky if both your site and your clients site don't have the same ssl protocol (i.e. you're using ssl but your clients site is not). Here are both scenarios:

1. Your site is using ssl, but your client's site is not.

In this case, you'll want to make sure you're not forcing all your site's urls to load over https. The ProjectHuddle embed code is protocol agnostic, which means it can load over http or https. However, if you're forcing all of your website's urls to load over https this can cause the widget to be forced to load over https. And since your client's site does not have ssl, it won't load. 

To fix this, you'll need to edit your .htaccess file to exclude the ProjectHuddle embed code from redirecting to ssl. It should look something like this:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

You'll want to add a conditional to exclude redirects if the ph_apikey variable is present:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https 
RewriteCond %{QUERY_STRING} !ph_apikey=([^&]+) [NC] 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

This allows the website embed code able to load over either http or https.

2. Your clients site is using ssl, but your site is not.

If your client's site is using https, your site MUST use https as well. Any site running ssl won't allow non-secure (i.e. http) resources to load on the page. You can often times get a free ssl certificate through your host for free. If not, you can score one for free from cloudflare, regardless of your host. https://www.cloudflare.com/ssl/

If you still can't get the widget to load over ssl, a simple workaround is to install ProjectHuddle directly on your client's site to avoid ssl issues.

Check your server's X-Frame-Options setting.

The X-Frame-Options is a server setting used to indicate whether or not a browser should be allowed to render a page in a frame or iframe. If this is set to DENY or SAMEORIGIN, ProjectHuddle won't be able to iframe on your client's site.  Typically, most hosts don't add this to as WordPress needs this open to allow for the Embeds Feature, but sometimes a host will set this anyway. Your best bet is to contact your host about this issue, however, you can often solve this on your own as well.

Apache

If you're running Apache, you'll want to find the  httpd.conf file on your server and remove any X-Frame-Options settings. If you can't find your httpd.conf file, you may be on shared hosting, so check your .htaccess file in the root of your WordPress installation. It would look like this:

Header always append X-Frame-Options SAMEORIGIN
Nginx

If you're running Apache, you'll want to find the nginx.conf file on your server and remove any X-Frame-Options settings. It would look like this:

add_header X-Frame-Options SAMEORIGIN;
If you're worried about security and don't wish to have your site iframed on other sites, you can set your X-Frame-Options to include specific domains.

Make sure your browser isn't blocking 3rd party cookies.

There's an advanced setting in some browsers that lets users block 3rd party cookies. Unfortunately, this won't allow login information to be found once you're on an external site. In chrome, to fix this, enter:

chrome://settings/content/cookies

In your browser and make sure "Block third-party cookies" in unchecked.