WP_Customize_Manager::filter_iframe_security_headers( array $headers )
Filter the X-Frame-Options and Content-Security-Policy headers to ensure frontend can load in customizer.
Parameters
- $headers
-
(Required) Headers.
Return
(array) Headers.
Source
File: wp-includes/class-wp-customize-manager.php
public function filter_iframe_security_headers( $headers ) {
$customize_url = admin_url( 'customize.php' );
$headers['X-Frame-Options'] = 'ALLOW-FROM ' . $customize_url;
$headers['Content-Security-Policy'] = 'frame-ancestors ' . preg_replace( '#^(\w+://[^/]+).+?$#', '$1', $customize_url );
return $headers;
}
Changelog
Version | Description |
---|---|
WP-4.7.0 | Introduced. |