Ticket #2049 (closed defect: fixed)
Cannot preview entries when DNS differ from admin DNS
| Reported by: | bruno | Owned by: | team |
|---|---|---|---|
| Priority: | normal | Milestone: | 2.7.3 |
| Component: | module:core | Version: | 2.7.2 |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Since anti-clickjacking has been implemented, entries cannot be previewed if their DNS differs from the admin DNS.
This measure should be softened, for instance by enabling underlying blog url. (use ALLOW-FROM instead of SAMEORIGIN).
Change History
comment:2 Changed 11 years ago by Dsls
(In [850dbd7afacb]) simplified url parsing, see #2049
comment:4 Changed 11 years ago by Dsls
(In [531b7a053458]) Made x-frame-options available for plugins, see #2049
comment:5 Changed 11 years ago by Dsls
(In [c45489df2bde]) Last tuning for x-frame-options (inc preview), see #2049
comment:6 Changed 11 years ago by Dsls
(In [230eb29a531e]) disable clickjacking in preview when clickjacking protection is not enabled, addresses #2049
comment:7 Changed 11 years ago by Dsls
(In [e2d3766b4d2a]) Fixed page preview bug, addresses #2049
Note: See
TracTickets for help on using
tickets.
(In [d5da0414c363]) added x-frame-options customizable for dcPage::open, fixes #2049