public function customize_preview_init()
{
/*
* Now that Customizer previews are loaded into iframes via GET requests
* and natural URLs with transaction UUIDs added, we need to ensure that
* the responses are never cached by proxies. In practice, this will not
* be needed if the user is logged-in anyway. But if anonymous access is
* allowed then the auth cookies would not be sent and WordPress would
* not send no-cache headers by default.
*/
if (!headers_sent()) {
nocache_headers();
header('X-Robots: noindex, nofollow, noarchive');
}
add_action('wp_head', 'wp_no_robots');
add_filter('wp_headers', array($this, 'filter_iframe_security_headers'));
/*
* If preview is being served inside the customizer preview iframe, and
* if the user doesn't have customize capability, then it is assumed
* that the user's session has expired and they need to re-authenticate.
*/
if ($this->messenger_channel && !current_user_can('customize')) {
$this->wp_die(-1, __('Unauthorized. You may remove the customize_messenger_channel param to preview as frontend.'));
return;
}
$this->prepare_controls();
add_filter('wp_redirect', array($this, 'add_state_query_params'));
wp_enqueue_script('customize-preview');
add_action('wp_head', array($this, 'customize_preview_loading_style'));
add_action('wp_head', array($this, 'remove_frameless_preview_messenger_channel'));
add_action('wp_footer', array($this, 'customize_preview_settings'), 20);
add_filter('get_edit_post_link', '__return_empty_string');
/**
* Fires once the Customizer preview has initialized and JavaScript
* settings have been printed.
*
* @since 3.4.0
*
* @param WP_Customize_Manager $this WP_Customize_Manager instance.
*/
do_action('customize_preview_init', $this);
}