Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

wc_send_frame_options_header 

Prevent Clickjacking - prevent checkout and account pages from being
used in iFrames. Added via filter so this can be disabled.

Closes #8
This commit is contained in:
Mike Jolley 2015-05-25 00:35:45 +01:00
parent 3b45c0d46f
commit cb2079deaa
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
includes/wc-template-functions.php
View File

@ -69,6 +69,20 @@ function wc_template_redirect() {
} }
add_action( 'template_redirect', 'wc_template_redirect' ); add_action( 'template_redirect', 'wc_template_redirect' );
/**
* When loading sensitive checkout or account pages, send a HTTP header to limit rendering of pages to same origin iframes for security reasons.
*
* Can be disabled with: remove_action( 'template_redirect', 'wc_send_frame_options_header' );
*
* @since 2.3.10
*/
function wc_send_frame_options_header() {
if ( is_checkout() || is_account_page() ) {
send_frame_options_header();
}
}
add_action( 'template_redirect', 'wc_send_frame_options_header' );
/** /**
* When the_post is called, put product data into a global. * When the_post is called, put product data into a global.
* *