Send X-Frame-Options: SAMEORIGIN for admin and login pages. see #12293

git-svn-id: https://develop.svn.wordpress.org/trunk@17826 602fd350-edb4-49c9-b593-d223f7449a82
2026-04-04 20:54:29 +00:00 · 2011-05-06 21:28:53 +00:00
parent 868ff9bcfa
commit 535ced5186
3 changed files with 16 additions and 1 deletions
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -4534,4 +4534,16 @@ function wp_find_hierarchy_loop_tortoise_hare( $callback, $start, $override = ar
 	return false;
 }

+/**
+ * Send a HTTP header to limit rendering of pages to same origin iframes.
+ *
+ * @link https://developer.mozilla.org/en/the_x-frame-options_response_header
+ *
+ * @since 3.2.0
+ * @return none
+ */
+function send_frame_options_header() {
+	@header( 'X-Frame-Options: SAMEORIGIN' );
+}
+
 ?>