(PS: Plugin might be temporarily deactivated on the live site due to this error.)

I have a big problem with [ redundant link removed ], as
my website has the TravelTour theme; however, it gets errors from Google:
1. HIGH SEVERITY: Strict Transport Security
   A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.
2. MEDIUM SEVERITY: X Frame Options
   Clickjacking protection: deny – no rendering within a frame, sameorigin – no rendering if origin mismatch, allow-from – allow from specified location, allowall – non-standard, allow from any location
3. HIGH SEVERITY: Content Security Policy
   A computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context
Thank you all,
Best Regards,
Ender BOZ
Refused to display 'https://www.facebook.com/v2.9/plugins/comments.php?app_id=..... in a frame because it set 'X-Frame-Options' to 'DENY'.
Description:
Under the iframe, the checkout page will show “xxxx.com refused to connect”.
I checked an Internet article and it said it is related to the X-Frame setting. How can I set this?
Note 1: Both stations are https
Note 2: I tried the following; I don’t know if it’s old, so it doesn’t work
https://gist.github.com/shivapoudel/8f40615c3f700a6274577d598718d1d9
Thank you

Under iframe, the checkout page shows “xxxx.com refused to connect”.
I checked the internet article that it is related to the X-Frame setting. How can I set this?
Note 1: Both the main site and target site are https
Note 2: I don’t know if the following is the old way; it doesn’t work after trying it. Or my method is wrong: I use a code snippet plugin to put the code into the website
https://gist.github.com/shivapoudel/8f40615c3f700a6274577d598718d1d9?fbclid=IwAR3OdJ2WuLQnSbzAeBABJ4tF0p214G3WeY4oJx40l9wEGIUgKVHOU6itMBs
Thank you

So I tried to set up an explicit directive ALLOW-FROM https://facebook.com and it did not recognise it (I think Chrome just ignores this directive). Also tried a directive for same-origin but that got rejected. In the end I just opened up the x-frame options with “Allow”. However, I don’t really think this is a good idea to prevent cross-scripting attacks – I think it leaves me wide open. Here is the code I put within my .htaccess file:
# Fix console error for FB Messenger plugin
<IfModule mod_headers.c>
    Header set X-Frame-Options Allow
    Header always append X-Frame-Options SAMEORIGIN**
</IfModule>
Stackoverflow resources:
https://stackoverflow.com/questions/17092154/x-frame-options-on-apache?fbclid=IwAR0xdmBS9PrYO-BDb7jBXLzgm0FPhXuwaj92OKPS5ZmRH3uzMhPkl8zsjgo
https://stackoverflow.com/questions/20611893/can-somebody-please-help-me-to-avoid-internal-server-error-htaccess-apache2c
What does the plugin author recommend to solve this browser error? Or if any other users came across it, what did you do?
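
A way to check what a set of framing headers actually does in a browser, as an added example that is not part of the original posts. It follows the X-Frame-Options handling in the HTML Standard (an enforced CSP `frame-ancestors` wins, unrecognized values are ignored, conflicting values block framing); the function name `audit_framing` and the sample values, built from the directives quoted in the posts here, are assumptions.

```python
# Added example, not from the posts. Sample header values are constructed.
RECOGNIZED = {"deny", "sameorigin", "allowall"}  # allowall is non-standard

def audit_framing(xfo_values, csp=""):
    """Return (effective_policy, findings) for one response.

    xfo_values: every X-Frame-Options value sent, one entry per header line.
    csp: the enforced Content-Security-Policy value, or "" if none.
    """
    findings = []
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # An enforced frame-ancestors makes browsers skip X-Frame-Options.
            return "csp: " + " ".join(parts[1:]), findings

    # Split comma-joined values, lowercase, de-duplicate (order kept).
    tokens = []
    for raw in xfo_values:
        for tok in raw.split(","):
            tok = tok.strip().lower()
            if tok and tok not in tokens:
                tokens.append(tok)

    for tok in tokens:
        if tok.startswith("allow-from"):
            findings.append(f"{tok!r}: ALLOW-FROM is obsolete, ignored")
        elif tok not in RECOGNIZED:
            findings.append(f"{tok!r}: not a recognized directive, ignored")

    if len(tokens) > 1 and any(t in RECOGNIZED for t in tokens):
        findings.append("conflicting values: framing is blocked everywhere")
        return "deny", findings
    if len(tokens) == 1 and tokens[0] in ("deny", "sameorigin"):
        return tokens[0], findings
    return "unprotected", findings  # nothing usable: any site may frame the page

if __name__ == "__main__":
    for sample in (["Allow", "SAMEORIGIN**"], ["Allow", "SAMEORIGIN"],
                   ["ALLOW-FROM https://sitename.com/wp-admin/customize.php"]):
        print(sample, "->", audit_framing(sample))
```

Where one specific external origin must be allowed to frame a page, CSP `frame-ancestors` is the supported replacement for ALLOW-FROM. These headers only govern who may frame the page that sends them; they cannot override a DENY sent by a third-party page.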

Notice: Undefined index: basemap_toggle in /home/content/p3pnexwpnas11_data03/90/42158390/html/wp-content/plugins/embed-webmap/public/class-embed-webmap.php on line 161
Notice: Undefined index: home in /home/content/p3pnexwpnas11_data03/90/42158390/html/wp-content/plugins/embed-webmap/public/class-embed-webmap.php on line 172
Notice: Undefined index: basemaps in /home/content/p3pnexwpnas11_data03/90/42158390/html/wp-content/plugins/embed-webmap/public/class-embed-webmap.php on line 178
Notice: Undefined index: description in /home/content/p3pnexwpnas11_data03/90/42158390/html/wp-content/plugins/embed-webmap/public/class-embed-webmap.php on line 184
Notice: Undefined index: basemap_toggle in /home/content/p3pnexwpnas11_data03/90/42158390/html/wp-content/plugins/embed-webmap/public/class-embed-webmap.php on line 189
This content can’t be shown in a frame
There is supposed to be some content here, but the publisher doesn’t allow it to be displayed in a frame. This is to help protect the security of any information you might enter into this site.
Try this
Open this in a new window
The error code I get through the developer options is:
Refused to display ‘https://www.arcgis.com/home/signin.html?returnUrl=https%3A//www.arcgis.com/apps/Embed/index.html%3Fwebmap%3D8f6ac81be14b4f24bcda4dcc6d21a5e4%26extent%3D%26theme%3Dlight%26zoom%3Dfalse%26scale%3Dfalse%26disable_scroll%3Dfalse’ in a frame because it set ‘X-Frame-Options’ to ‘deny’.
Tried in Chrome and Edge. I have a webmap in a Public group and have only two layers:
– One I created
– One of ESRI’s standard basemaps
Got any ideas what the issue is or where I can start troubleshooting?

Invalid 'X-Frame-Options' header encountered when loading 'https://sitename.com/?customize_changeset_uuid=f59f1a5b-5eeb-4d8a-8588-50679db14627&customize_theme={theme_name}&customize_messenger_channel=preview-0': 'ALLOW-FROM https://sitename.com/wp-admin/customize.php' is not a recognized directive. The header will be ignored.
When changing the Site Title, for example, it will update the title, but then the title disappears because the partial is unable to load due to customizer.php being inaccessible within the iFrame.
error_file: "/path_to_public_html/wp-includes/customize/class-wp-customize-partial.php"
error_line: 217
error_number: 2
error_string: "call_user_func() expects parameter 1 to be a valid callback, function 'theme_customize_partial_blogname' not found or invalid function name"
partial: "blogname"
I have scoured the forums for a similar issue but I have not encountered anything that would indicate how I can address this issue.
The issue only persists on Safari on my MacBook and does not appear to be an issue on any other browser, nor does the issue happen on my PC.
I suspect the issue is Safari doesn’t support ‘ALLOW FROM’ and perhaps it should be changed to ‘SAMEORIGIN’
Is there a way for me to change the x-frame filter for customizer.php so that the customizer functions as expected on my Mac?
Thank you

The console is showing an error message of ‘Refused to display ‘https://www.eventbrite.com/tickets-external?eid={eventnumberhere}&ref=etckt’ in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’.
So I understand there seems to be an issue with localhost and X-frames. I’m not sure which end this is at, nor how to change it.
If anyone has a suggestion please let me know. Thanks!

I believe the best option is potentially to allow the call centre’s IP addresses to x-frame the site (and the secure checkout page) but using ALLOW-FROM xxx doesn’t seem to work with IP addresses (only domains) and results in a server error.
Has anyone else been able to x-frame their WordPress site, especially a WooCommerce store, especially to allow call centres to integrate with it?
Store – https://www.bodymassageshop.com