Created
April 14, 2016 15:19
-
-
Save bdeleasa/80f7e61fca55507705d5cf8f86adb868 to your computer and use it in GitHub Desktop.
Wordpress plugin that removes the X-Frame-Options header to allow for domain masking.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* The plugin bootstrap file | |
* | |
* This file is read by WordPress to generate the plugin information in the plugin | |
* admin area. This file also includes all of the dependencies used by the plugin, | |
* registers the activation and deactivation functions, and defines a function | |
* that starts the plugin. | |
* | |
* @link http://example.com | |
* @since 0.0.1 | |
* @package WP_Domain_Masking | |
* | |
* @wordpress-plugin | |
* Plugin Name: WP Domain Masking | |
* Plugin URI: https://gist.github.com/bdeleasa/80f7e61fca55507705d5cf8f86adb868 | |
* Description: Allows domain masking. | |
* Version: 1.0.0 | |
* Author: Brianna Deleasa | |
* Author URI: http://briannadeleasa.com | |
* License: GPL-2.0+ | |
* License URI: http://www.gnu.org/licenses/gpl-2.0.txt | |
* Text Domain: wp-domain-masking | |
* Domain Path: /languages | |
*/ | |
// If this file is called directly, abort. | |
if ( ! defined( 'WPINC' ) ) { | |
die; | |
} | |
add_action( 'wp_head', 'wpdm_allow_iframe_embedding' ); | |
/** | |
* Removes the X-Frame-Options header tag to allow domain masking. | |
* | |
* @param none | |
* @return null | |
*/ | |
function wpdm_allow_iframe_embedding() { | |
header_remove("X-Frame-Options"); | |
} |
@hackaros it works by removing the 'X-Frame-Options' header that WordPress core sets, thus allowing the site to be iframed into any other site. Note that this isn't extremely secure--it might be even better to, immediately after removing the existing header, add one back that specifies which domains to allow iframes on.
It might not always work: "Cannot modify header information - headers already sent by"
.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How it works?