2

I'm trying to build a mobile app out of a wordpress site, and I've got the site loading via an iframe. Everything is working nicely so far, but I'm getting this error when I go to the login page:

"Refused to display 'http://example.com/wp-login.php' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."

I've done some Googling and I found another person who had a similar problem here - Embed wordpress admin inside an iframe. The solution was to use 

remove_action( 'login_init', 'send_frame_options_header', 10, 0 );
remove_action( 'admin_init', 'send_frame_options_header', 10, 0 );

But I've honestly got no clue where to put that code. Some more Googling pointed me towards the “./wp-includes/default-filters.php” file, but wouldn't that get overwritten with each WP update? Where can I put that code so it doesn't get overwritten and I can load my WP login inside an iframe?

Community
  • 1
  • 1
Malachi Draven
  • 33
  • 1
  • 5
  • You are running into a security feature called `same-origin policy`. If there is only one page that you want to iframe, do what's listed in this answer http://stackoverflow.com/questions/12182768/x-frame-options-sameorigin-blocking-iframe-on-my-domain/12192385#12192385 – Dimi Mar 13 '17 at 21:21
  • Where would I put that code for it to effect the wp-login page? – Malachi Draven Mar 13 '17 at 21:56

1 Answers1

1

I figured it out :) Thanks to this post - Can't access WordPress Dashboard in an iframe. The solution was to put

remove_action( 'login_init', 'send_frame_options_header' );
remove_action( 'admin_init', 'send_frame_options_header' );

in the functions.php file. Worked like a charm.

Community
  • 1
  • 1
Malachi Draven
  • 33
  • 1
  • 5