Opened 6 years ago
Last modified 3 years ago
#46301 new defect (bug)
Customizer iframe warning
Reported by: | mensmaximus | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | minor | Version: | 5.1 |
Component: | Customize | Keywords: | reporter-feedback |
Focuses: | Cc: |
Description
The preview in customizer (customize.php) causes a warning message in the browser console:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
Content Security Policy: Ignoring ‘x-frame-options’ because of ‘frame-ancestors’ directive.
Note: See
TracTickets for help on using
tickets.
I cannot reproduce this warning testing in Chrome with a local site, on a site with SSL, and on a multisite without SSL. Can anyone else identify situations that appear to trigger this warning?