Make WordPress Core

Opened 6 years ago

Last modified 3 years ago

#46301 new defect (bug)

Customizer iframe warning

Reported by: mensmaximus's profile mensmaximus Owned by:
Milestone: Awaiting Review Priority: normal
Severity: minor Version: 5.1
Component: Customize Keywords: reporter-feedback
Focuses: Cc:

Description

The preview in customizer (customize.php) causes a warning message in the browser console:

An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
Content Security Policy: Ignoring ‘x-frame-options’ because of ‘frame-ancestors’ directive.

Change History (1)

#1 @celloexpressions
3 years ago

  • Keywords reporter-feedback added

I cannot reproduce this warning testing in Chrome with a local site, on a site with SSL, and on a multisite without SSL. Can anyone else identify situations that appear to trigger this warning?

Note: See TracTickets for help on using tickets.