[wp-trac] [WordPress Trac] #36755: Native oEmbed support on Custom Post Types produces Cross-site scripting errors or are not rendered at all.
WordPress Trac
noreply at wordpress.org
Thu May 5 07:30:12 UTC 2016
#36755: Native oEmbed support on Custom Post Types produces Cross-site scripting
errors or are not rendered at all.
-------------------------------+------------------------------
Reporter: webdevmattcrom | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: TinyMCE | Version: 4.5.1
Severity: normal | Resolution:
Keywords: needs-screenshots | Focuses: javascript
-------------------------------+------------------------------
Comment (by andtrev):
When I navigate to the oembed url for the post you're embedding I get a
404: https://www.mattcromwell.com/wp-
json/oembed/1.0/embed?url=https%3A%2F%2Fwww.mattcromwell.com%2Fget-
analytify%2F
I also see this JS error message on other pages like
https://www.mattcromwell.com/hi-im-matt/about-me/ :
{{{
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided
('https://www.mattcromwell.com') does not match the recipient window's
origin ('null').
https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Fwww.mattcromwell.com&stripe_xdm_c=default286544&stripe_xdm_p=1
}}}
This is from Stripe, not sure if this is caused because of the other JS
errors, but the errors aren't limited to oembed.
Replying to [comment:7 webdevmattcrom]:
>
> This result is currently live on my site. See far bottom right footer
widget:
> https://www.mattcromwell.com/ro-fawp-politics/
>
> Here's the copy of both of those errors:
>
> {{{
> Uncaught SecurityError: Failed to read the 'cookie' property from
'Document': The document is sandboxed and lacks the 'allow-same-origin'
flag.
> }}}
>
> {{{
> Failed to execute 'postMessage' on 'DOMWindow': The target origin
provided ('https://www.mattcromwell.com') does not match the recipient
window's origin ('null').
> script.js:474 Uncaught SecurityError: Failed to read the 'cookie'
property from 'Document': The document is sandboxed and lacks the 'allow-
same-origin' flag.
> }}}
>
> {{{
> Uncaught SecurityError: Failed to read the 'cookie' property from
'Document': The document is sandboxed and lacks the 'allow-same-origin'
flag.
> }}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36755#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list