Joho the Blog » x-frame-options

September 12, 2011

How to embed a WordPress admin page

I’m posting this so I’ll remember, and in case someone else is googling around for it.

I have a little editor I wrote in JavaScript for creating blogposts. When I’m done editing, it loads the transmogrified text into an iframe that contains the WordPress /wp-admin/post.php page (which is the one you create posts with). Except that it stopped working recently, giving me “X-FRAME-OPTIONS” errors.

A little research showed that the X-Frame-Options header is set at the server to prevent people from capturing your pages in their own evil iframes (e.g., inserting your blog posts into their spammy site). It does this either by preventing anyone from framing the page at all, or by preventing framing by any page that isn’t from the same site as the source page.

I couldn’t figure out how to unset those options. But Chason C., at MediaTemple.net — my hosting company — got back to me within 24 hours with the answer. It turns out that MediaTemple isn’t setting that option; WordPress is. The solution is explained in this blog post, which Chason found for me.

The irony is that the blogpost with the answer has actually captured and embedded the original blog post by Igor at KrazyWorks, which you can find here.
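
The two X-Frame-Options behaviours described above (block all framing, or allow it only from the same site) can be modelled in a few lines. This is an added example, not code from the original post or from WordPress; the function names and the `blog.example` / `other.example` URLs are hypothetical, and it simplifies what a browser does by leaving out CSP `frame-ancestors`.

```javascript
// Simplified model of a browser's X-Frame-Options check for a page loaded in a frame.
// Not modelled: CSP frame-ancestors, which takes precedence when the response sends it.
// All names and URLs are hypothetical / constructed for illustration.

function parseXfo(headerLines) {
  // A response may repeat the header or comma-separate values; collect distinct tokens.
  const tokens = new Set();
  for (const line of headerLines) {
    for (const part of line.split(",")) {
      const token = part.trim().toLowerCase();
      if (token) tokens.add(token);
    }
  }
  return tokens;
}

function mayFrame(headerLines, framedUrl, ancestorUrls) {
  const tokens = parseXfo(headerLines);
  if (tokens.size === 0) return { allowed: true, reason: "no header" };
  if (tokens.size > 1) {
    // Conflicting values: block if any recognised token is present, else ignore them all.
    const recognised = ["deny", "sameorigin", "allowall"].some((k) => tokens.has(k));
    return recognised
      ? { allowed: false, reason: "conflicting values" }
      : { allowed: true, reason: "unrecognised values ignored" };
  }
  const [policy] = tokens;
  if (policy === "deny") return { allowed: false, reason: "deny" };
  if (policy === "sameorigin") {
    const target = new URL(framedUrl).origin;
    // Every ancestor, not only the direct parent, must share the framed page's origin.
    const foreign = ancestorUrls.find((u) => new URL(u).origin !== target);
    return foreign
      ? { allowed: false, reason: "cross-origin ancestor " + new URL(foreign).origin }
      : { allowed: true, reason: "all ancestors same-origin" };
  }
  // Anything else (e.g. the obsolete ALLOW-FROM) is ignored and gives no protection.
  return { allowed: true, reason: "value imposes no restriction" };
}

// Constructed case: an editor page framing the admin page on the same origin.
const admin = "https://blog.example/wp-admin/post.php";
console.log(mayFrame(["SAMEORIGIN"], admin, ["https://blog.example/editor.html"]));
console.log(mayFrame(["SAMEORIGIN"], admin, ["https://other.example/editor.html"]));
```
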
