Filter the X-Frame-Options and Content-Security-Policy headers to ensure frontend can load in customizer.
public filter_iframe_security_headers ( array $headers ) : array | ||
$headers | array | Headers. |
return | array | Headers. |
/** * Test WP_Customize_Manager::filter_iframe_security_headers(). * * @ticket 30937 * @covers WP_Customize_Manager::filter_iframe_security_headers() */ function test_filter_iframe_security_headers() { $customize_url = admin_url('customize.php'); $wp_customize = new WP_Customize_Manager(); $headers = $wp_customize->filter_iframe_security_headers(array()); $this->assertArrayHasKey('X-Frame-Options', $headers); $this->assertArrayHasKey('Content-Security-Policy', $headers); $this->assertEquals("ALLOW-FROM {$customize_url}", $headers['X-Frame-Options']); }