1. HOT Divi Ultimate Header Plugin - More variety for your Divi header: https://header.diviultimate.com/

How to remove X-Frame options in DIVI theme?

Discussion in 'Free Divi Community Forum' started by Hello_Steph, Apr 15, 2020.

  1. Hello_Steph

    Hello_Steph New Member

    I'm building a simple plugin for Divi that needs to display a page of my website in the plugin's admin page.
    When I tested the plugin I used the elegantthemes.com website as a sample in an iframe but then when I went to replace it with my own Divi based website I get this error

    Refused to display 'url' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

    I understand that the X-Frame options are denying permissions to embed my site but I cannot for the life of me figure out where in the DIVI theme the options are set. I need to remove it completely since ALLOW_FROM won't work, it needs to be defaulted to allow all domains.

    I don't want to modify the WP core files, there must be some way in the theme files right?
    Any help will be greatly appreciated.
    1. AD Set awesome default design for your Divi single blog page: https://blog.diviultimate.com/
  2. Divi.Help

    Divi.Help Administrator
    Staff Member

    I doubt that this is set in Divi theme itself. You should check it in your .htaccess file & remove it from there.
  3. Hello_Steph

    Hello_Steph New Member

    Hi Admin thanks for the advice.

    I'm not sure I'm skilled enough to work in .htaccess, my coding knowledge is very limited (I'm a designer), I get around by doing a ton of research and I understand most of what I read in the core files but I can't necessarily put it into practice by myself.

    This is what the file contains:

    # BEGIN WordPress
    # The directives (lines) between `BEGIN WordPress` and `END WordPress` are
    # dynamically generated, and should only be modified via WordPress filters.
    # Any changes to the directives between these markers will be overwritten.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    After combing through the WordPress core code I found where the X-Frame-Options are set in ./wp-includes/function.php

    I commented out the function and also commented out the function but still got the same error in the page trying to load the iframe. I then also commented out the 2 lines that add it in default_filters.php ie. ('admin_init', send_frame_options_header) and ('login_init', send_frame_options_header) and it still doesn't work.

    I then tried to instead remove the actions by adding the following to the functions.php files
    remove_action( 'admin_init', 'send_frame_options_header', 10, 0 );
    remove_action( 'login_init', 'send_frame_options_header', 10, 0 );

    ...which also did nothing.

    Could you tell when what to add or remove from the .htaccess file as a last resort please?
    1. AD Replace all Divi-related branding with your own for your Divi site: https://divi.help/link-forums/divi-ghoster.161/
  4. Divi.Help

    Divi.Help Administrator
    Staff Member

    Found this: https://wordpress.stackexchange.com...ove-x-frame-options-sameorigin-from-wordpress
  5. Hello_Steph

    Hello_Steph New Member

    1. AD Easily add Mega Menu for your Divi site: https://divi.help/link-forums/divi-mega-pro.149/
  6. linehammer

    linehammer New Member

    You cannot display a lot of websites inside an iFrame. Reason being that they send an "X-Frame-Options: SAMEORIGIN" response header. This option prevents the browser from displaying iFrames that are not hosted on the same domain as the parent page.

    I faced the same error when displaying YouTube links. For example:

    I replaced watch?v= with embed/ so the valid link will be:

    It works well.

    Try to apply the same rule on your case.