[wp-trac] [WordPress Trac] #38571: Customizer preview blocked by content security policy
WordPress Trac
noreply at wordpress.org
Sat Feb 18 23:38:23 UTC 2017
#38571: Customizer preview blocked by content security policy
-------------------------------+-------------------------
Reporter: rahilwazir | Owner: rahilwazir
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Customize | Version:
Severity: normal | Resolution: invalid
Keywords: reporter-feedback | Focuses:
-------------------------------+-------------------------
Comment (by khromov):
@westonruter The iframe call to the customizer has the following response
headers that might be relevant:
{{{
content-security-policy:"frame-ancestors http://xn--hellthere-37a.dev"
x-frame-options:"ALLOW-FROM http://xn--hellthere-37a.dev/wp-
admin/customize.php"
}}}
The initial pageload (to load the entire customizer) has the following
response header:
{{{
x-frame-options:"SAMEORIGIN"
}}}
Please let me know if you need any additional information.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38571#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list