WP_Customize_Manager::filter_iframe_security_headers PHP Method

filter_iframe_security_headers() public method

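Filter the X-Frame-Options and Content-Security-Policy headers to ensure the frontend can load in the Customizer. The method sets X-Frame-Options to ALLOW-FROM the customize.php admin URL and sets Content-Security-Policy to a frame-ancestors directive naming that URL's scheme and host; both values replace whatever the incoming headers array already held under those keys.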
Since: 4.7.0
public filter_iframe_security_headers ( array $headers ) : array
$headers array Headers.
return array Headers.
    /**
     * Rewrites the framing-related headers so the Customizer can embed the frontend in an iframe.
     *
     * X-Frame-Options is set to ALLOW-FROM the full customize.php admin URL, and
     * Content-Security-Policy is set to a single frame-ancestors directive naming
     * that URL's scheme and host. Both keys are assigned unconditionally, so any
     * value already present in $headers under either key is replaced.
     *
     * NOTE(review): ALLOW-FROM is an obsolete X-Frame-Options value that current
     * browsers ignore, so frame-ancestors is the directive that actually restricts
     * framing. Because the whole Content-Security-Policy value is replaced, any
     * other directives a caller already placed in that header (script-src,
     * default-src, ...) are dropped; confirm that is acceptable wherever this
     * method is applied.
     *
     * @since 4.7.0
     *
     * @param array $headers Headers.
     * @return array Headers.
     */
    public function filter_iframe_security_headers($headers)
    {
        $customizer_url = admin_url('customize.php');

        // Keep only the leading scheme://authority part of the URL. When the
        // pattern does not match, preg_replace() hands the URL back unchanged.
        $customizer_origin = preg_replace('#^(\\w+://[^/]+).+?$#', '$1', $customizer_url);

        $headers['X-Frame-Options'] = "ALLOW-FROM {$customizer_url}";
        $headers['Content-Security-Policy'] = "frame-ancestors {$customizer_origin}";

        return $headers;
    }

Usage Example

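 /**
  * Test WP_Customize_Manager::filter_iframe_security_headers().
  *
  * Checks that both framing headers are present, that X-Frame-Options names
  * the customize.php admin URL, and that the Content-Security-Policy value is
  * a frame-ancestors directive whose single source is a leading part of that
  * URL with the script path removed.
  *
  * @ticket 30937
  * @covers WP_Customize_Manager::filter_iframe_security_headers()
  */
 function test_filter_iframe_security_headers()
 {
     $customize_url = admin_url('customize.php');
     $wp_customize = new WP_Customize_Manager();
     $headers = $wp_customize->filter_iframe_security_headers(array());

     $this->assertArrayHasKey('X-Frame-Options', $headers);
     $this->assertArrayHasKey('Content-Security-Policy', $headers);
     $this->assertEquals("ALLOW-FROM {$customize_url}", $headers['X-Frame-Options']);

     // A presence check alone would pass for any policy value, including an
     // over-broad one, so pin the directive name and the allowed source too.
     $directive = 'frame-ancestors ';
     $policy = $headers['Content-Security-Policy'];
     $this->assertStringStartsWith($directive, $policy);

     // Everything after the directive name must be one non-empty source that
     // is a prefix of the Customizer URL and no longer carries the script path.
     $allowed_source = substr($policy, strlen($directive));
     $this->assertNotSame('', $allowed_source);
     $this->assertStringStartsWith($allowed_source, $customize_url);
     $this->assertStringEndsNotWith('customize.php', $allowed_source);
 }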
WP_Customize_Manager