If comments are enabled for everyone, the site prompts a "ghost-frame" download

I’m not sure if this is a bug, but for a person who’s not used to the comment section needs, this will make my site looks insecure, cause it’s prompting a “do you wish to download ghost-frame” window that looks suspicious. Is there a way to keep comments enable without this download prompt being launched?
More: the error was found on the mobile screen on iOS, both Safari and Chrome!
Instance: xlipe.com

This definitely doesn’t sound right. But there’s not enough info here to understand what’s happening. Do you have a link to your site, so we can better understand what’s happening?

sure, I’m running it using digital ocean. it’s xlipe.com.

Are comments enabled still? I’m not seeing them .

I’m sorry, I forgot to let it enabled for troubleshooting. I’m doing it now!
More: the error was found on the mobile screen on iOS, both Safari and Chrome!

I edited the post with the link and now the post is hidden :confused:

I restored your posts, the spam filter was triggered :slight_smile:


I visited the link and everything seems to be working for me. Tested on Safari and Chrom:

Is there anything else you can share about what’s happening?

I guess I forgot to mention that’s a mobile issue, I’m sorry.
Here’s what I get when I open a post from my phone, on both Safari and Chrome apps:

Here’s a video of the site’s behavior when I open a link from an inapp browser on iOS, when I receive a new comment. I can’t even login cause I have to download this file, and the donwload won’t start either.

I can confirm the existence of this behavior on his site. iPhone, Safari.

However, I cannot replicated the behavior (same phone & browser) on my own site. (Ghost Pro, so latest version of Ghost.)

Xlipe, can you try loading an official theme and see if the behavior vanishes? I’m suspecting that whatever the problem is, it’s something to do with your specific setup, not a general Ghost bug. Are you loading the Ghost comments-ui file from the CDN, or are you loading something custom?

Hi Cathy! I Updated the installation, changed the theme, but the problem persists. Imma try to reinstall the instance from scratch. Thakns for your help!

Are you using a proxy in front of some sort? Is it perhaps messing up the content-type?

I just followed the Digital Ocean Installation guide… And only had to redo it using instead of localhost because of something I don’t remember very well :sweat_smile: I’m not an expert on using a terminal, I really just follow instructions. I been trying to use selfhosted Ghost for months, and only this week I managed to put my instance online… So yes, maybe there are a few things missing! But it’s ok, I’m just experimenting!

Found someone talking about it here, don’t know if it’s the same problem…

That’s not quite the same thing - it doesn’t result in a download, just a message in the browser’s console.

I’ve noticed this auth-frame download prompt occurs with iOS 17.4, which released March 5, but not with iOS 17.3.1. The browser doesn’t seem to matter, so maybe it has to do with WebKit security updates? (IDK, not my wheelhouse).

Additionally, the auth-frame download prompt does not occur with Ghost 5.80.2 (either iOS), but does occur with Ghost 5.81.1 (iOS 17.4+ only). I don’t know about in-between versions of Ghost. Maybe look at this pull in Ghost 5.80.3, as it came out just prior to the complaint in the OP and has to do with auth-frame. Again IDK, just trying to be helpful.

I decided to roll back to Ghost 5.80.2 so my users don’t get the prompt, which, yes, doesn’t look secure. Hope you guys can fix it. Cheers.

Can you share your site URL? The OP no longer has any posts on their site so the problem isn’t visible.

My assumption is that something in your hosting stack is sending an incorrect header for a 204 response code which is causing problems in iOS but without an example of a broken site I can’t test that theory.

1 Like

Hi Kevin. Thank you for the quick reply. Pleased to be in touch with the developer. Much respect for your work!

My site comments are set for paid-subscribers. I could make a test account for you with a complimentary subscription, given an email address, and send a link to examine the issue. Would that work, or is there a better way? I appreciate your attention to the matter.

1 Like

Hey guys! I moved back to iOS and the problem persists. Is it happening to you too on iOS?

1 Like