I have an iframe on http://foo.example.com which targets http://bar.example.com.
On http://bar.example.com is a WordPress installation. I'm able to view the page and click on all pages and posts, but when I try to go to the backend I get
Refused to display document because display forbidden by X-Frame-Options.
and the request is aborted.
According to this question, I added this header, which gets sent successfully:
header('X-Frame-Options: GOFORIT');
What else can limit the access to just the dashboard (and the login screen)?
I have access to both subdomains and can use an .htaccess file as well.
Here is a better solution that won't break when you update WordPress:
remove_action( 'login_init', 'send_frame_options_header' );
remove_action( 'admin_init', 'send_frame_options_header' );
Here's another solution if you're using Apache. Throw this in your .htaccess:
<IfModule mod_headers.c>
Header unset X-Frame-Options
Header always unset X-Frame-Options
</IfModule>
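Both answers above drop the framing restriction on the login and admin screens for every origin, which leaves those screens open to clickjacking from any site. The following is an added example, not part of the original posts: it removes WordPress's `X-Frame-Options` header on the same two hooks but replaces it with a `Content-Security-Policy: frame-ancestors` header that allows only the parent site from the question. The constant name, the callback name and the choice to load it as a small plugin file are assumptions.

```php
<?php
/**
 * Added example (not from the original posts).
 * Allow the WordPress login and admin screens to be framed by one
 * trusted parent origin only, instead of by any site.
 */

// Assumption: the single origin that hosts the iframe (from the question).
const EXAMPLE_FRAME_PARENT_ORIGIN = 'http://foo.example.com';

// WordPress core hooks send_frame_options_header() onto these two actions,
// which emits "X-Frame-Options: SAMEORIGIN". Unhook it on both.
remove_action( 'login_init', 'send_frame_options_header' );
remove_action( 'admin_init', 'send_frame_options_header' );

/**
 * Send a frame-ancestors policy in place of X-Frame-Options.
 * Hypothetical helper name; not a WordPress core function.
 */
function example_send_frame_ancestors_header() {
    // Headers can no longer be changed once output has started.
    if ( headers_sent() ) {
        return;
    }

    // Drop any X-Frame-Options value queued by PHP code earlier in the
    // request, so browsers do not see two conflicting framing policies.
    header_remove( 'X-Frame-Options' );

    // 'self' keeps same-origin framing working (WordPress uses iframes
    // inside the admin itself); the second source is the trusted parent.
    // $replace = false so an existing CSP header is not overwritten;
    // browsers enforce every CSP header they receive.
    header(
        "Content-Security-Policy: frame-ancestors 'self' " . EXAMPLE_FRAME_PARENT_ORIGIN,
        false
    );
}
add_action( 'login_init', 'example_send_frame_ancestors_header' );
add_action( 'admin_init', 'example_send_frame_ancestors_header' );
```

If the web server also sets `X-Frame-Options` itself, that copy is added outside PHP and has to be removed in the server configuration; `header_remove()` only affects headers set by PHP.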