Closed jamesmorrison closed 3 years ago
According to Mozilla, X-Frame-Options only has 2 valid values:
SAMEORIGIN
DENY
The existing filter only allows for this to be changed from (default) SAMEORIGIN to DENY
There is an option to filter wp_headers to remove this header, if present; this additional filter allows setting the header to be bypassed entirely.
wp_headers
None
add_filter( 'tenup_experience_disable_x_frame_options', true ) - result is the header is not set.
add_filter( 'tenup_experience_disable_x_frame_options', true )
Added: filter tenup_experience_disable_x_frame_options to allow omission of the X-Frame-Options header.
tenup_experience_disable_x_frame_options
Very nice
tlovett1
commented
3 years ago tlovett1
commented
3 years ago
Description of the Change
According to Mozilla, X-Frame-Options only has 2 valid values:
SAMEORIGIN- Only allow an iframe to be used on the same domainDENY- Do not allow any embedded iframeThe existing filter only allows for this to be changed from (default)
SAMEORIGINtoDENYBenefits
There is an option to filter
wp_headersto remove this header, if present; this additional filter allows setting the header to be bypassed entirely.Possible Drawbacks
None
Verification Process
add_filter( 'tenup_experience_disable_x_frame_options', true )- result is the header is not set.Checklist:
Changelog Entry
Added: filter
tenup_experience_disable_x_frame_optionsto allow omission of the X-Frame-Options header.