WP_Customize_Manager::filter_iframe_security_headers( array $headers )

Filter the X-Frame-Options and Content-Security-Policy headers to ensure frontend can load in customizer.


Parameters

$headers

(array) (Required) Headers.


Return

(array) Headers.


Source

File: wp-includes/class-wp-customize-manager.php

	public function filter_iframe_security_headers( $headers ) {
		$customize_url = admin_url( 'customize.php' );
		$headers['X-Frame-Options'] = 'ALLOW-FROM ' . $customize_url;
		$headers['Content-Security-Policy'] = 'frame-ancestors ' . preg_replace( '#^(\w+://[^/]+).+?$#', '$1', $customize_url );
		return $headers;
	}


Changelog

Changelog
Version Description
WP-4.7.0 Introduced.