WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #40020, comment 9


Timestamp: 04/11/2018 05:41:39 PM (20 months ago)
Author: westonruter
  • Ticket #40020, comment 9

    initial v1  
    11@fullyint your reasoning seems sound to me. Part of the reason for using `ALLOW-FROM` was the idea that the iframe could be limited to be embedded from just `customize.php`. But apparently that's not how `ALLOW-FROM` works and this granular usage of allowing from specific URL paths isn't supported.
    22
    3  I'd like to get +1 from someone else who is more familiar with the security implications of these headers.
     3I'd like to get +1 from someone else who is more familiar with the security implications of these headers.