[wp-trac] [WordPress Trac] #29429: Support frame-ancestors directive over X-Frame-Options
WordPress Trac
noreply at wordpress.org
Sat Aug 23 14:07:15 UTC 2025
#29429: Support frame-ancestors directive over X-Frame-Options
------------------------------------------------+--------------------------
 Reporter:  danielbachhuber                     |       Owner:  SergeyBiryukov
     Type:  enhancement                         |      Status:  closed
 Priority:  normal                              |   Milestone:  6.9
Component:  Security                            |     Version:
 Severity:  normal                              |  Resolution:  fixed
 Keywords:  dev-feedback has-patch 2nd-opinion  |     Focuses:
------------------------------------------------+--------------------------
Changes (by SergeyBiryukov):
* status: accepted => closed
* resolution: => fixed
Comment:
In [changeset:"60657" 60657]:
{{{
#!CommitTicketReference repository="" revision="60657"
Security: Set the `frame-ancestors` directive in `send_frame_options_header()`.

The `X-Frame-Options` HTTP response header is a way of controlling whether
and how a document may be loaded inside of a child navigable. For sites
using `Content-Security-Policy`, the `frame-ancestors` directive provides
more granular control over the same situations.

Includes adding a `headers_sent()` check before sending the headers.

References:
* [https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options MDN Web Docs: X-Frame-Options header]
* [https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/frame-ancestors MDN Web Docs: Content-Security-Policy: frame-ancestors directive]

Follow-up to [17826].

Props danielbachhuber, killerbishop, callumbw95, josephscott, nacin,
chriscct7, iandunn, SergeyBiryukov.

Fixes #29429.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29429#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
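
A way to check a response for the two headers discussed in the commit message above, as an added example that is not part of the changeset or of WordPress. The function names `parse_frame_ancestors` and `framing_policy` are hypothetical, and every header value in the samples is constructed for illustration.

```python
# Added example; all header values below are constructed samples.

def parse_frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header value, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        # Directive names are case-insensitive; the first occurrence wins.
        if tokens and tokens[0].lower() == "frame-ancestors":
            # Keyword sources such as 'self' are case-insensitive too.
            return [t.lower() if t.startswith("'") else t for t in tokens[1:]]
    return None


def framing_policy(headers):
    """Return (effective policy, findings) for a list of (name, value) headers."""
    xfo = [v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"]
    parsed = [parse_frame_ancestors(v) for n, v in headers
              if n.lower() == "content-security-policy"]
    ancestors = [p for p in parsed if p is not None]
    # frame-ancestors source lists that mean the same as each legacy value.
    equivalent = {"SAMEORIGIN": [["'self'"]], "DENY": [[], ["'none'"]]}
    findings = []
    if ancestors:
        # Browsers that support frame-ancestors enforce it over X-Frame-Options.
        sources = ancestors[0]
        effective = "frame-ancestors " + (" ".join(sources) or "'none'")
        if len(ancestors) > 1:
            findings.append("more than one policy sets frame-ancestors; each is enforced")
        if not xfo:
            findings.append("no X-Frame-Options fallback for older browsers")
        elif xfo[0] in equivalent and sources not in equivalent[xfo[0]]:
            findings.append("X-Frame-Options and frame-ancestors disagree")
    elif xfo:
        effective = "X-Frame-Options " + xfo[0]
        findings.append("no frame-ancestors directive; only the legacy header applies")
    else:
        effective = "unrestricted"
        findings.append("no framing restriction; any origin can embed the response")
    return effective, findings


BOTH = [("X-Frame-Options", "SAMEORIGIN"),
        ("Content-Security-Policy", "frame-ancestors 'self';")]
LEGACY_ONLY = [("X-Frame-Options", "SAMEORIGIN")]
MISMATCH = [("x-frame-options", "sameorigin"),
            ("Content-Security-Policy",
             "default-src 'self'; Frame-Ancestors 'SELF' https://partner.example")]

if __name__ == "__main__":
    for name, sample in (("both", BOTH), ("legacy", LEGACY_ONLY), ("mismatch", MISMATCH)):
        print(name, framing_policy(sample))
```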