Menu
I have an iframe on http://foo.example.com which targets to http://bar.example.com.
On http://bar.example.com is a WordPress installation. I'm able to view the page and click on all pages and post but when I try to go to the backend I get
Refused to display document because display forbidden by X-Frame-Options.
and the request is aborted.
According to this question I aded this header which gets send successfully:
header('X-Frame-Options: GOFORIT');
What else can limit the access to just the dashboard (and the login screen)?
I have access to both subdomains and can use a htaccess as well
837
Here is a better solution that won't break when you update Wordpress:
remove_action( 'login_init', 'send_frame_options_header' );
remove_action( 'admin_init', 'send_frame_options_header' );
Here's another solution if you're using Apache. Throw this in your .htaccess:
<IfModule mod_headers.c>
Header unset X-Frame-Options
Header always unset X-Frame-Options
</IfModule>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
