[wp-trac] [WordPress Trac] #35894: Post embeds are useless with X-Frame-Options: SAMEORIGIN
WordPress Trac
noreply at wordpress.org
Sun Feb 21 05:44:18 UTC 2016
#35894: Post embeds are useless with X-Frame-Options: SAMEORIGIN
--------------------------+-----------------------------
Reporter: ethitter | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Embeds | Version: 4.4
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
I've set `X-Frame-Options: SAMEORIGIN` for my WordPress network, which
means that other sites can't embed any of my posts using the embeds
feature from 4.4. I won't change the header to fix this, and I'm sure
others are in a similar situation, breaking this feature in an awkward
way.
Before revealing the embed iframe (it's `display: none` in source),
couldn't the JS detect if the iframe failed to load, replacing it with a
link to the original post, or at least something more useful than a blank
frame? Right now, the blocked iframe expands and if a user didn't check
the browser console, they'd have no idea what went wrong.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35894>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list