When you look at or load up the TinyMCE rich text editor on a website, you might find that an error message or warning appears:
This domain is not registered with Tiny Cloud. Please review your approved domains.
We’ve mentioned before how to remove the warning, and you can remove the error by checking if your API key is correct, and by also checking if the domain you’re using is registered in your TinyMCE account.
But what if you’ve checked both of these places, and the annoying warning message won’t go away? Well there’s another place you can check, and it involves the website referers (which is spelled with a single letter “r”, and isn’t “referrer”).
This post explains a reliable way to troubleshoot and check the warning, and understand how referers cause it. Remember, if you’re personally not in a position to make any modifications to your TinyMCE account, contact your System Administrator or IT department. They can remove the warnings by following these troubleshooting steps, or they can contact us for more assistance if required.
Website referers and removing TinyMCE warnings
To understand what’s going on with the warning message, and how to remove it, you first need to understand the basics.
A referer is a specific part of the communication between a website and a browser. The information sent between a website and browser contains a specific set of information following a protocol, and a part of that protocol requires sending a referer.
The referer tells the server hosting the website where the request for content came from – a link on a website, or a link in an image on the website, for example.
The server keeps a log of all this referral information. And understandably, this is a big privacy concern. End users can protect their privacy by controlling what information is sent to a remote server.
The result of changing the referer
A user can protect themselves by running a proxy server, for instance, that changes what information is sent from their application or browser to the server. Some browsers can also transmit blank referral content or use an attribute called rel=”noreferrer”
in the HTML to send blank referral content.
The Brave browser is one example of a service that actively changes referer information. Brave modifies referers, and previously would change the address the users request is coming from, or even omit the referer information entirely.
The current Brave policy on referers is to change what information the browser broadcasts based on location. For instance, if the user clicks a link contained in an image on a website, the Brave browser sends origin information only, and not the URL.
The result of changing the referer is that TinyMCE displays an error message and blocks services. This is because Tiny Cloud checks if the browser requesting content from the Tiny Content Delivery Network (CDN) matches the list of approved domains (web addresses) set up in a user’s TinyMCE account. To do this, TinyMCE relies on the referer information – checking the referer and comparing it to the list of approved domains.
If the referer and the domain do not match, TinyMCE will not allow the connection, and it automatically sends the “This domain is not registered with Tiny Cloud. Please review your approved domains.” error message.
Depending on how thoroughly the browser has modified the referer information there may be another error: “We could not check your domain because the referer header was missing. Please see the guide on how to ensure the referer header is present.”
How to check referers and remove the warning
To check the referer header and confirm what information the browser is sending:
- Open your Browser’s developer tools
- Open the Networks Tab
- Find the request made to Tiny with your API key.
- Click on the Headers tab
- Look for the Request Headers section, and locate a field called referer (remember, no double r). Here is an example, checking the Tiny Docs demo through the Chrome browser:
If the value is different from your registered URLs, adjust either the URL list, or change your application’s header settings. This should remove the TinyMCE warning messages. Similarly, if the referer information is blank, adjust your browser’s settings to match the applicable registered domain in your TinyMCE account.
What’s next?
If you’re curious about how TinyMCE works, you can reach out to us for some more information. And if you’re using a proxy or a security focused browser such as Brave, let us know how you go accessing TinyMCE, or even checking on demos provided in our documentation.
You can also send a message or create an issue on Github or on @JoinTiny with information about any errors you run into using TinyMCE.