vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 22:30:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Customizer: Improve browser compatibility of the preview iframe.

Browse Source 
When `home` and `siteurl` are different, the customizer preview iframe will be blank in Chrome and Safari, due to their `X-Frame-Options` implementation quirks.

Changing this to `SAMEORIGIN` and adding the `frame-ancestors` Content Security Policy gives the correct behaviour.

Props fullyint.
Fixes #40020.



git-svn-id: https://develop.svn.wordpress.org/trunk@44580 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Gary Pendergast
2019-01-14 06:37:30 +00:00
parent 71abc20def
commit f5f5da1fff
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/wp-includes/class-wp-customize-manager.php
View File

@@ -1896,9 +1896,8 @@ final class WP_Customize_Manager {
* @return array Headers.
*/
public function filter_iframe_security_headers( $headers ) {
$customize_url = admin_url( 'customize.php' );
$headers['X-Frame-Options'] = 'ALLOW-FROM ' . $customize_url;
$headers['Content-Security-Policy'] = 'frame-ancestors ' . preg_replace( '#^(\w+://[^/]+).+?$#', '$1', $customize_url );
$headers['X-Frame-Options'] = 'SAMEORIGIN';
$headers['Content-Security-Policy'] = "frame-ancestors 'self'";
return $headers;
}