WordPress.org
Get WordPress

Make WordPress Core

Opened 15 years ago

Closed 15 years ago

#17990 closed defect (bug) (fixed)

WP Importer blank due to X-Frame Options

Reported by: garyj's profile GaryJ Owned by: duck_'s profile duck_
Milestone: 3.3 Priority: normal
Severity: normal Version: 3.2
Component: Import Keywords:
Focuses: Cc:

Description

WP 3.2, Chrome 12 on Win7.

When trying to add the WordPress Importer, the thickbox is coming up blank - Chrome console gives the error as:

Refused to display document because display forbidden by X-Frame-Options.

In short, the importer can't be installed by the usual method.

Probably related: #12293

Change History (10)

#1 @nacin
15 years ago

You have some odd domain mapping or URL-changing settings enabled?

#2 @GaryJ
15 years ago

I've got WP MS running - due to the way Plesk on my host works, I have to run what would usually be a wildcard subdomain as a domain alias instead, but I've done that for other WP MS installs pre-3.2, and never had an issue with getting the Importer installed that I remember.

Saying that, the thickbox does appear populated when trying to install the Importer from the root network site.

#3 follow-up: @nacin
15 years ago

So, we decided to go with X-Frame-Options: SAMEORIGIN without any special handling, rather than DENY with handling to avoid IFRAME_REQUEST pages.

I think an exception for IFRAME_REQUEST wouldn't be a bad idea, considering how many people use various forms of domain mapping. That said, this is a very very edge case.

#4 @trepmal
15 years ago

I'm running into the same problem as GaryJ

I'm using MediaTemple's (ve) service which as far as I can tell requires the ServerAlias method to get wildcard subdomains to work. However, I'm by no means a server guru, so I may very well have set up something incorrectly.

#5 in reply to: ↑ 3 @duck_
15 years ago

  • Keywords needs-patch added

Replying to nacin:

I think an exception for IFRAME_REQUEST wouldn't be a bad idea, considering how many people use various forms of domain mapping. That said, this is a very very edge case.

We don't want to exempt IFRAME_REQUEST for security reasons.

This isn't limited to domain mapping, but also occurs on subdomain setups when trying to install from off of the main site.

Should probably run a check to prevent installation and do something different on multisite when not on the main site.

#6 @nacin
15 years ago

  • Milestone changed from Awaiting Review to 3.2.2

Should probably run a check to prevent installation and do something different on multisite when not on the main site.

Yep.

#7 @duck_
15 years ago

  • Owner set to duck_
  • Resolution set to fixed
  • Status changed from new to closed

In [18535]:

Direct a user to the main site to install importers, fixes #17990

#8 @duck_
15 years ago

  • Keywords needs-patch removed

Reopening for 3.2.2 consideration.

#9 @duck_
15 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

#10 @ryan
15 years ago

  • Milestone changed from 3.2.2 to 3.3
  • Resolution set to fixed
  • Status changed from reopened to closed
Note: See TracTickets for help on using tickets.