[wp-trac] [WordPress Trac] #38571: Customizer preview blocked by content security policy

WordPress Trac noreply at wordpress.org
Sat Feb 18 23:38:23 UTC 2017


#38571: Customizer preview blocked by content security policy
-------------------------------+-------------------------
 Reporter:  rahilwazir         |       Owner:  rahilwazir
     Type:  defect (bug)       |      Status:  closed
 Priority:  normal             |   Milestone:
Component:  Customize          |     Version:
 Severity:  normal             |  Resolution:  invalid
 Keywords:  reporter-feedback  |     Focuses:
-------------------------------+-------------------------

Comment (by khromov):

 @westonruter The iframe call to the customizer has the following response
 headers that might be relevant:


 {{{
 content-security-policy:"frame-ancestors http://xn--hellthere-37a.dev"
 x-frame-options:"ALLOW-FROM http://xn--hellthere-37a.dev/wp-
 admin/customize.php"
 }}}

 The initial pageload (to load the entire customizer) has the following
 response header:


 {{{
 x-frame-options:"SAMEORIGIN"
 }}}


 Please let me know if you need any additional information.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/38571#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list