Changeset 44580
- Timestamp:
- 01/14/2019 06:37:30 AM (6 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
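--- a/trunk/src/wp-includes/class-wp-customize-manager.php
+++ b/trunk/src/wp-includes/class-wp-customize-manager.php
@@ -1897,7 +1897,6 @@
 */
 public function filter_iframe_security_headers( $headers ) {
-$customize_url = admin_url( 'customize.php' );
-$headers['X-Frame-Options'] = 'ALLOW-FROM ' . $customize_url;
-$headers['Content-Security-Policy'] = 'frame-ancestors ' . preg_replace( '#^(\w+://[^/]+).+?$#', '$1', $customize_url );
+$headers['X-Frame-Options'] = 'SAMEORIGIN';
+$headers['Content-Security-Policy'] = "frame-ancestors 'self'";
 return $headers;
 }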
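Review bot: Both new header values in filter_iframe_security_headers() permit framing only by the preview document's own origin, whereas the removed lines derived the allowed origin from `admin_url( 'customize.php' )`. If an install serves the admin and the front end from different origins, the browser would presumably refuse to render the Customizer preview, and nothing in the visible lines handles that case. If same-origin is the intended contract, record it above the assignments, e.g. `// Preview may only be framed by its own origin; ALLOW-FROM is not honoured by all browsers.` The `Content-Security-Policy` assignment also replaces any policy already present in `$headers` instead of adding a directive to it, so directives set by an earlier filter would be dropped. The function's docblock begins outside the visible lines.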
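--- a/trunk/tests/phpunit/tests/customize/manager.php
+++ b/trunk/tests/phpunit/tests/customize/manager.php
@@ -849,13 +849,14 @@
 *
 * @ticket 30937
+* @ticket 40020
 * @covers WP_Customize_Manager::filter_iframe_security_headers()
 */
 function test_filter_iframe_security_headers() {
-$customize_url = admin_url( 'customize.php' );
 $wp_customize = new WP_Customize_Manager();
 $headers = $wp_customize->filter_iframe_security_headers( array() );
 $this->assertArrayHasKey( 'X-Frame-Options', $headers );
 $this->assertArrayHasKey( 'Content-Security-Policy', $headers );
-$this->assertEquals( "ALLOW-FROM $customize_url", $headers['X-Frame-Options'] );
+$this->assertEquals( 'SAMEORIGIN', $headers['X-Frame-Options'] );
+$this->assertEquals( "frame-ancestors 'self'", $headers['Content-Security-Policy'] );
 }
 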
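Review bot: test_filter_iframe_security_headers() only calls the filter with `array()`, so it does not pin what happens to headers that already exist when the filter runs. A second call such as `$wp_customize->filter_iframe_security_headers( array( 'X-Frame-Options' => 'DENY', 'Content-Security-Policy' => "default-src 'self'" ) )` with assertions on both keys would make the overwrite behaviour explicit and catch an accidental change to it. As a point of style, `assertSame` would be the stricter choice for the two new string comparisons, since `assertEquals` compares loosely.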