[wp-trac] [WordPress Trac] #64740: credentialless iframe incompatible with some browsers and cross-origin policies

WordPress Trac noreply at wordpress.org
Wed Mar 4 15:53:12 UTC 2026 

#64740: credentialless iframe incompatible with some browsers and cross-origin
policies
-------------------------------------+------------------------------
 Reporter:  amykamala                |       Owner:  adamsilverstein
     Type:  defect (bug)             |      Status:  reviewing
 Priority:  normal                   |   Milestone:  7.0
Component:  Editor                   |     Version:
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+------------------------------

Comment (by MadtownLems):

 I've spent the last day troubleshooting why the Classic Editor wasn't
 working for us on 7.0-beta-2, and my journey eventually brought me here 😅

 My situation:
 Testing 7.0-beta-2 - works fine on LocalWP, but noticed the Classic Editor
 didn't work properly when run from our server (same server that we've been
 running WP on successfully for years). On first load (Add Post), one
 cannot get their cursor into the editor. Once you Save Draft, or edit an
 existing Post, it works fine. (Zero plugins, core theme, etc)
 Note: We enforce the Classic Editor (on some sites) with a very basic one-
 liner:
 add_filter('use_block_editor_for_post', '__return_false');

 Eventually, I traced it down to these cross-origin policies. Adding a /wp-
 admin/.htaccess file with this resolves my issue

 <IfModule mod_headers.c>
   Header always unset Cross-Origin-Embedder-Policy
   Header always unset Cross-Origin-Opener-Policy
   Header always set Cross-Origin-Embedder-Policy "unsafe-none"
   Header always set Cross-Origin-Opener-Policy   "same-origin-allow-
 popups"
 </IfModule>

 The suggested patch - as is - did NOT resolve my issue, as I'm using
 Chrome. However, simply returning false from that filter DOES resolve my
 issue.

 Happy to do further research/testing or answer any additional questions :)

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/64740#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list