[wp-trac] [WordPress Trac] #64740: credentialless iframe incompatible with some browsers and cross-origin policies
WordPress Trac
noreply at wordpress.org
Fri Feb 27 02:16:06 UTC 2026
#64740: credentialless iframe incompatible with some browsers and cross-origin
policies
-------------------------------------+------------------------------
Reporter: amykamala | Owner: adamsilverstein
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 7.0
Component: Editor | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------------------
Comment (by mattshaw):
Just chiming in here with steps to replicate with ACF (though this will
likely affect other plugins using the TinyMCE editor in metaboxes in the
Gutenberg post editor as well).
To reproduce:
1. Have a fresh WordPress install running WordPress 7.0-beta2 and running
the default Twenty Twenty-Five theme
2. Install ACF and create a field group with a WYSIWYG field, leaving all
other settings at their defaults
3. Create a new post and try to interact with the WYSIWYG field in the
metabox at the bottom of the page. With the `credentialless` attribute
applied to the TinyMCE iframe, the TinyMCE "Visual" editor will not be
editable.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64740#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list