[wp-trac] [WordPress Trac] #38571: Customizer preview blocked by content security policy
WordPress Trac
noreply at wordpress.org
Sun Oct 30 14:44:05 UTC 2016
#38571: Customizer preview blocked by content security policy
-------------------------------+-------------------------
Reporter: rahilwazir | Owner: rahilwazir
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.7
Component: Customize | Version:
Severity: normal | Resolution:
Keywords: reporter-feedback | Focuses:
-------------------------------+-------------------------
Changes (by westonruter):
* owner: => rahilwazir
* status: new => assigned
Comment:
As a fallback if we can’t figure out why Firefox is rejecting the iframe
request, then the CSP header could be overridden to be removed entirely. I
originally included it to override any other plugins that may have added
the header to prevent their site from being iframed. But instead of
specifying frame-ancestors as its value, the entire header could be
removed instead if we also then include a preview nonce among the
customized state query params. Nevertheless, if we can figure out why
Firefox is rejecting it that would be best.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38571#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list