[wp-trac] [WordPress Trac] #35894: Post embeds are useless with X-Frame-Options: SAMEORIGIN
WordPress Trac
noreply at wordpress.org
Mon Feb 22 06:05:52 UTC 2016
#35894: Post embeds are useless with X-Frame-Options: SAMEORIGIN
-------------------------------------+--------------------
Reporter: ethitter | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.4.3
Component: Embeds | Version: 4.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+--------------------
Comment (by netweb):
In a somewhat related issue, over on https://bbpress.org if a user adds a
link to their site that is `http://` and *not* `https://` then the embed
will not show in Google Chrome due to `Mixed Content` error/warning for
example:
* https://bbpress.org/forums/topic/add-a-featured-image-
to-a-forum/#post-171825
* Results in" `Mixed Content: The page at
'https://bbpress.org/forums/topic/add-a-featured-image-
to-a-forum/#post-171825' was loaded over HTTPS, but requested an insecure
resource 'http://www.hippressurecooking.com/forum/embed/'. This request
has been blocked; the content must be served over HTTPS.`
I've just had a Slack chat with @pento regarding the above and he believes
that [attachment:35894.diff] will also fix this issue, in that rather than
the embed not showing at all a link will be shown instead which works for
me :+1
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35894#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list