[wp-trac] [WordPress Trac] #64740: credentialless iframe incompatible with some browsers and cross-origin policies
WordPress Trac
noreply at wordpress.org
Thu Mar 5 12:36:47 UTC 2026
#64740: credentialless iframe incompatible with some browsers and cross-origin
policies
-------------------------------------+------------------------------
Reporter: amykamala | Owner: adamsilverstein
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 7.0
Component: Editor | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------------------
Comment (by ozgursar):
== Patch Testing Report
Patch Tested: https://github.com/WordPress/wordpress-develop/pull/11170
=== Environment
- WordPress: 7.0-beta2-61752-src
- PHP: 8.2.29
- Server: nginx/1.29.4
- Database: mysqli (Server: 8.4.7 / Client: mysqlnd 8.2.29)
- Browser: Chrome 145.0.0.0
- OS: macOS
- Theme: Twenty Twenty-Five 1.4
- MU Plugins: None activated
- Plugins:
* Advanced Custom Fields 6.7.1
* Elementor 3.34.4
* Test Reports 1.2.1
=== Steps taken
1. Install Elementor latest 35.x
2. Create a blank page. Confirm editor works (as they have already
patched)
3. Rollback Elementor to `3.34.4`
4. Try to edit the page. View the following error in console:
{{{
Uncaught SecurityError: Failed to read a named property cross-origin
frame.
}}}
5. Apply patch PR 11170
6. Try to edit the page with Elementor again
7. ✅ Patch is solving the problem
=== Expected result
- We expect to be able to load Elementor editor with no cross-origin
errors
=== Screenshots/Screencast with results
Before
[[Image(https://i.imgur.com/NKQ6wjd.png)]]
After
Video: https://files.catbox.moe/n6vtyr.mp4
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64740#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list