Unable to access WordPress toolbar in iframe

Question

Unable to access WordPress toolbar in iframe

I have an iframe at http://foo.example.com that targets at http://bar.example.com .

On http://bar.example.com is a WordPress installation. I can view the page and click on all pages and posts, but when I try to go to the backend, I get

Refused to display document because display forbidden by X-Frame-Options.

and the request is aborted.

In accordance with this question, I applied this header, which is sent successfully:

 header('X-Frame-Options: GOFORIT');

What else can restrict access only to the control panel (and to the login screen)?

I have access to both subdomains and you can also use htaccess

+4

wordpress iframe x-frame-options

Xaver Jan 15 '13 at 13:13

source share

2 answers

Here is the best solution that won't break when upgrading Wordpress:

 remove_action( 'login_init', 'send_frame_options_header' ); remove_action( 'admin_init', 'send_frame_options_header' );

Here is another solution if you are using Apache. Throw this into your .htaccess:

 <IfModule mod_headers.c> Header unset X-Frame-Options Header always unset X-Frame-Options </IfModule>

+4

jaggedsoft Apr 20 '15 at 6:19

source share

brasofilo · Accepted Answer · 2013-01-15T20:51:09+0000

In line with this, in WordPress replies Receiving "This content cannot be displayed in a frame" on the login page , WordPress sends a special header

 X-Frame-Options: SAMEORIGIN

which prevents clickjacking . And therefore the admin attachment is like an iframe.

You can remove this header by deleting a couple of actions from wp-includes/default-filters.php , but at your own peril and risk.

Someone can register a domain with a very similar name, insert your username as the iframe background and register the login credentials when trying to enter them.

Please read the full Q&A at WPSE.

Unable to access WordPress toolbar in iframe

More articles: