Ticket #40020: 40020.2.diff
File 40020.2.diff, 1.8 KB (added by , 7 years ago) |
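--- a/src/wp-includes/class-wp-customize-manager.php
+++ b/src/wp-includes/class-wp-customize-manager.php
@@ -1895,9 +1895,8 @@
 * @return array Headers.
 */
 public function filter_iframe_security_headers( $headers ) {
-$customize_url = admin_url( 'customize.php' );
-$headers['X-Frame-Options'] = 'ALLOW-FROM ' . $customize_url;
-$headers['Content-Security-Policy'] = 'frame-ancestors ' . preg_replace( '#^(\w+://[^/]+).+?$#', '$1', $customize_url );
+$headers['X-Frame-Options'] = 'SAMEORIGIN';
+$headers['Content-Security-Policy'] = "frame-ancestors 'self'";
 return $headers;
 }
 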
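Review bot: The assignment to `$headers['Content-Security-Policy']` replaces whatever value the array already carries, so a policy set earlier in the filter chain would be reduced to the single `frame-ancestors` directive. Whether any caller passes an existing policy is not visible from this hunk, and the removed lines overwrote the key in the same way, so this is not a regression. At minimum the behaviour should be documented above the assignment, for example `// Overwrites any Content-Security-Policy already present in $headers; only frame-ancestors is emitted.` If other components are expected to contribute CSP directives, the directive should be merged into the existing value rather than assigned. The docblock for this method begins above the hunk.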
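--- a/tests/phpunit/tests/customize/manager.php
+++ b/tests/phpunit/tests/customize/manager.php
@@ -846,15 +846,16 @@
 * Test WP_Customize_Manager::filter_iframe_security_headers().
 *
 * @ticket 30937
+* @ticket 40020
 * @covers WP_Customize_Manager::filter_iframe_security_headers()
 */
 function test_filter_iframe_security_headers() {
-$customize_url = admin_url( 'customize.php' );
 $wp_customize = new WP_Customize_Manager();
 $headers = $wp_customize->filter_iframe_security_headers( array() );
 $this->assertArrayHasKey( 'X-Frame-Options', $headers );
 $this->assertArrayHasKey( 'Content-Security-Policy', $headers );
-$this->assertEquals( "ALLOW-FROM $customize_url", $headers['X-Frame-Options'] );
+$this->assertEquals( 'SAMEORIGIN', $headers['X-Frame-Options'] );
+$this->assertEquals( "frame-ancestors 'self'", $headers['Content-Security-Policy'] );
 }
 
 /**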
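Review bot: The test only calls the filter with `array()`, so it does not pin what happens to headers that are already present when the filter runs. Passing a non-empty input, for example `filter_iframe_security_headers( array( 'X-Example' => 'kept' ) )` (a constructed sample key), and asserting `$this->assertSame( 'kept', $headers['X-Example'] );` would show that unrelated headers pass through untouched. The two new `assertEquals` calls compare fixed strings, so `assertSame` would make them strict about type as well as value.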