I'm building a simple plugin for Divi that needs to display a page of my website in the plugin's admin page. When I tested the plugin I used the elegantthemes.com website as a sample in an iframe but then when I went to replace it with my own Divi based website I get this error Refused to display 'url' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. I understand that the X-Frame options are denying permissions to embed my site but I cannot for the life of me figure out where in the DIVI theme the options are set. I need to remove it completely since ALLOW_FROM won't work, it needs to be defaulted to allow all domains. I don't want to modify the WP core files, there must be some way in the theme files right? Any help will be greatly appreciated.
I doubt that this is set in Divi theme itself. You should check it in your .htaccess file & remove it from there.
Hi Admin thanks for the advice. I'm not sure I'm skilled enough to work in .htaccess, my coding knowledge is very limited (I'm a designer), I get around by doing a ton of research and I understand most of what I read in the core files but I can't necessarily put it into practice by myself. This is what the file contains: # BEGIN WordPress # The directives (lines) between `BEGIN WordPress` and `END WordPress` are # dynamically generated, and should only be modified via WordPress filters. # Any changes to the directives between these markers will be overwritten. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress After combing through the WordPress core code I found where the X-Frame-Options are set in ./wp-includes/function.php I commented out the function and also commented out the function but still got the same error in the page trying to load the iframe. I then also commented out the 2 lines that add it in default_filters.php ie. ('admin_init', send_frame_options_header) and ('login_init', send_frame_options_header) and it still doesn't work. I then tried to instead remove the actions by adding the following to the functions.php files remove_action( 'admin_init', 'send_frame_options_header', 10, 0 ); remove_action( 'login_init', 'send_frame_options_header', 10, 0 ); ...which also did nothing. Could you tell when what to add or remove from the .htaccess file as a last resort please?
Thank you, adding - Header always unset X-Frame-Options - in .htaccess removed the error but it's now throwing a 403 access forbidden error instead. I'll research further. Thanks for you help so far. Error: Failed to load resource: the server responded with a status of 403 ()
You cannot display a lot of websites inside an iFrame. Reason being that they send an "X-Frame-Options: SAMEORIGIN" response header. This option prevents the browser from displaying iFrames that are not hosted on the same domain as the parent page. I faced the same error when displaying YouTube links. For example: Code: https://www.youtube.com/watch?v=8WkuChVeL0s I replaced watch?v= with embed/ so the valid link will be: Code: https://www.youtube.com/embed/8WkuChVeL0s It works well. Try to apply the same rule on your case. http://net-informations.com/q/mis/youtube.html