Changeset 44580 for trunk/src/wp-includes/class-wp-customize-manager.php
- Timestamp:
- 01/14/2019 06:37:30 AM (6 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/class-wp-customize-manager.php
r44228 r44580 1897 1897 */ 1898 1898 public function filter_iframe_security_headers( $headers ) { 1899 $customize_url = admin_url( 'customize.php' ); 1900 $headers['X-Frame-Options'] = 'ALLOW-FROM ' . $customize_url; 1901 $headers['Content-Security-Policy'] = 'frame-ancestors ' . preg_replace( '#^(\w+://[^/]+).+?$#', '$1', $customize_url ); 1899 $headers['X-Frame-Options'] = 'SAMEORIGIN'; 1900 $headers['Content-Security-Policy'] = "frame-ancestors 'self'"; 1902 1901 return $headers; 1903 1902 }
Note: See TracChangeset
for help on using the changeset viewer.