From d99b73d4894e60dcdfda7fe7d7cc3cc0819cfa39 Mon Sep 17 00:00:00 2001
From: GeckoLinux <2692138+geckolinux@users.noreply.github.com>
Date: Mon, 30 Sep 2024 01:45:06 -0500
Subject: [PATCH] UX: Proper description of the `allowed_iframes` setting
 (#28997)

https://meta.discourse.org/t/regression-iframe-embedding-broken-with-allowed-src-domain/327852/13

The `allowed_iframes` isn't a list of simple domain names; it requires a full or partial URL with `https://` at the beginning and a trailing slash at the end.
---
 config/locales/server.en.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 4db03475fa0..94c3b9280ee 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -1876,7 +1876,7 @@ en:
     blocked_ip_blocks: "A list of private IP blocks that should never be crawled by Discourse"
     allowed_internal_hosts: "A list of internal hosts that discourse can safely crawl for oneboxing and other purposes"
     allowed_onebox_iframes: "A list of iframe src domains which are allowed via Onebox embeds. `*` will allow all default Onebox engines."
-    allowed_iframes: "A list of iframe src domain prefixes that discourse can safely allow in posts"
+    allowed_iframes: "A list of iframe src URL prefixes that Discourse can safely allow in posts"
     allowed_crawler_user_agents: "User agents of web crawlers that should be allowed to access the site. WARNING! SETTING THIS WILL DISALLOW ALL CRAWLERS NOT LISTED HERE!"
     blocked_crawler_user_agents: "Unique case insensitive word in the user agent string identifying web crawlers that should not be allowed to access the site. Does not apply if allowlist is defined."
     slow_down_crawler_user_agents: 'User agents of web crawlers that should be rate limited as configured in the "slow down crawler rate" setting. Each value must be at least 3 characters long.'