[wp-trac] [WordPress Trac] #35894: Post embeds are useless with X-Frame-Options: SAMEORIGIN
WordPress Trac
noreply at wordpress.org
Mon Feb 22 02:00:44 UTC 2016
#35894: Post embeds are useless with X-Frame-Options: SAMEORIGIN
-------------------------------------+--------------------
Reporter: ethitter | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.4.3
Component: Embeds | Version: 4.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+--------------------
Comment (by pento):
@ethitter - Side note that may be relevant to your interests (if you'd
like to maintain the SAMEORIGIN restriction whilst allowing embeds) - URLs
intended to embedded in an iframe include an `X-WP-embed: true` header,
which you can detect in nginx and remove the `X-Frame-Options: SAMEORIGIN`
rule for that case.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35894#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list