[wp-trac] [WordPress Trac] #40020: Customizer fails to load in Safari due to X-Origin Header mismatch
WordPress Trac
noreply at wordpress.org
Thu Apr 5 12:06:25 UTC 2018
#40020: Customizer fails to load in Safari due to X-Origin Header mismatch
-------------------------------+------------------------------
Reporter: nickkeenan | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Customize | Version: 4.7.2
Severity: normal | Resolution:
Keywords: reporter-feedback | Focuses:
-------------------------------+------------------------------
Comment (by Oclair):
Hey all, so from my understanding using CSP with nginx (an appropriate
security measure to undertake) breaks customizer for safari (in my case
Safari 11.1). This creates an incentive to make wordpress installs
insecure.
Closing this ticket sends the wrong message to everyone.
I am a server admin and am affected by this bug, CSP is very important,
please make sure features do not break security.
thanks for your contributions to opensource!
OC
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40020#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list