WordPress.org

Make WordPress Core

Ticket #40020: 40020.diff

File 40020.diff, 791 bytes (added by fullyint, 17 months ago)
  • src/wp-includes/class-wp-customize-manager.php

     
    18951895         * @return array Headers.
    18961896         */
    18971897        public function filter_iframe_security_headers( $headers ) {
    1898                 $customize_url                      = admin_url( 'customize.php' );
    1899                 $headers['X-Frame-Options']         = 'ALLOW-FROM ' . $customize_url;
    1900                 $headers['Content-Security-Policy'] = 'frame-ancestors ' . preg_replace( '#^(\w+://[^/]+).+?$#', '$1', $customize_url );
     1898                $headers['X-Frame-Options']         = 'SAMEORIGIN';
     1899                $headers['Content-Security-Policy'] = "frame-ancestors 'self'";
    19011900                return $headers;
    19021901        }
    19031902