[wp-trac] [WordPress Trac] #64740: credentialless iframe incompatible with some browsers and cross-origin policies
WordPress Trac
noreply at wordpress.org
Fri Mar 6 09:31:13 UTC 2026
#64740: credentialless iframe incompatible with some browsers and cross-origin
policies
-------------------------------------+------------------------------
Reporter: amykamala | Owner: adamsilverstein
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 7.0
Component: Editor | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------------------
Comment (by hdkothari81):
**Patch Testing Report with 7.0-beta3**
Patch Tested: https://github.com/WordPress/wordpress-develop/pull/11170
**Local Environment**
- WordPress: 7.0-beta3
- PHP: 8.3.30 (Supports 64bit values)
- Server: nginx/1.16.0
- Database: mysqli (Server: 8.0.16 / Client: mysqlnd 8.3.30)
- Theme: Twenty Twenty-Five 1.4
- Plugins: Elementor 3.34.4
**Steps Taken for Testing**
- Install Elementor latest Version 3.35.6
- Create a blank page. Confirm editor works (as they have already patched)
- Rollback Elementor to 3.34.4
- Try to edit the page. View the following error in console:
- **Uncaught SecurityError: Failed to read a named property cross-origin
frame.**
- Apply patch PR 11170
- Try to edit the page with Elementor again
**Patch is solving the problem**
**Expected result**
Load Elementor editor properly with no cross-origin errors.
Before: [https://tinyurl.com/286lyhwu]
After Video: [https://tinyurl.com/23e7tc5d]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64740#comment:27>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list