Make WordPress Core

Opened 2 years ago

Last modified 2 years ago

#48656 new defect (bug)

Views details blocked by SAMEORIGIN

Reported by: sebastienserre Owned by:
Milestone: Awaiting Review Priority: normal
Severity: major Version: 5.3
Component: Plugins Keywords: needs-patch
Focuses: multisite Cc:



On multisite, the "view detail" link on this page /wp-admin/plugins.php (in each plugin) is bloked by an error

Chargement refusé par X-Frame-Options : « SAMEORIGIN » à l’adresse « https://example.com/wp-admin/network/plugin-install.php?tab=plugin-information&plugin=loco-translate& », le site ne permet pas l’utilisation de cadres multiorigines depuis « https://example.com/wp-admin/plugins.php ».

Change History (3)

#1 @sebastienserre
2 years ago

This happened only on a subsite, not on the main network level.

#2 @audrasjb
2 years ago

  • Focuses multisite added

#3 @bonaldi
2 years ago

  • Severity changed from normal to major
  • Version set to 5.3

Errors in English, in Firefox 70.0.1 for Linux Web Console:

Load denied by X-Frame-Options: “SAMEORIGIN” from “https://example.com/wp-admin/network/plugin-install.php?tab=plugin-information&plugin=contact-form-7&”, site does not permit cross-origin framing from “https://example.com/wp-admin/plugins.php”.
SecurityError: Permission denied to access property "document" on cross-origin object
Note: See TracTickets for help on using tickets.