[wp-trac] [WordPress Trac] #29429: Support frame-ancestors directive over X-Frame-Options
WordPress Trac
noreply at wordpress.org
Mon Jul 29 00:18:23 UTC 2019
#29429: Support frame-ancestors directive over X-Frame-Options
------------------------------------+-----------------------------
Reporter: danielbachhuber | Owner: (none)
Type: enhancement | Status: reopened
Priority: normal | Milestone: Future Release
Component: Security | Version:
Severity: normal | Resolution:
Keywords: dev-feedback has-patch | Focuses:
------------------------------------+-----------------------------
Changes (by killerbishop):
* keywords: dev-feedback needs-patch => dev-feedback has-patch
Comment:
I looked for any other use of X-Frame-Options - but it only appears in two
spots. The customize manager class already provides both headers. This is
a change to the {{{send_frame_options_header()}}}. Testing in the WP admin
shows both headers being issued, no change to behavior from what I can
tell using the latest Chrome. The original header is being kept for
continued security benefit in older browsers.
Here is my repo's pull request if needed:
https://github.com/killerbishop/wordpress-develop/pull/2
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29429#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list