#50554 closed defect (bug) (invalid)
Do not use iframe for plugin information dialog
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Plugins | Keywords: | close |
| Focuses: | javascript, administration | Cc: |
Description
When you click a plugin title in the Add Plugins page, the plugin information dialog displays inside an iframe. This causes a problem if your htaccess file has X-Frame-Options: DENY. A solution to this problem would be to not use an iframe for the dialog.
Attachments (1)
Change History (4)
#2
@
8 months ago
- Keywords close added
- Resolution set to invalid
- Status changed from new to closed
Thanks for the report. The plugin information modal in WordPress admin is designed to load inside an iframe. If the server is configured with the X-Frame-Options: DENY header, browsers will block the iframe from loading, which results in this behavior.
This header is part of the site’s/server's security configuration and not set by WordPress core. Changing it to SAMEORIGIN will allow the modal to work while maintaining protection.
Since this is caused by site-specific configuration rather than a core issue, I'm marking this as invalid.
A picture describing the issue.