Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #54308
    Jon Brown
    Guest

    This option is now obsolete and if you use it NO iframe blocking occurs so this is dangerous to have present.

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

    ALLOW-FROM uri – This is an obsolete directive that no longer works in modern browsers. Don’t use it. In supporting legacy browsers, a page can be displayed in a frame only on the specified origin uri. Note that in the legacy Firefox implementation this still suffered from the same problem as SAMEORIGIN did — it doesn’t check the frame ancestors to see if they are in the same origin. The Content-Security-Policy HTTP header has a frame-ancestors directive which you can use instead.

    I create an account (very tricky) but could not post on the forum.

    Thanks

    Jon

    #54342
    Marko Vasiljevic
    Keymaster

    Hello Jon,

    Thank you for reaching out and thank you for taking the time to check and report this about the W3 Total Cache settings.
    We’ll make sure to bring this to the team and discuss the problem for future releases.
    Thanks!

Viewing 2 posts - 1 through 2 (of 2 total)
  • The topic ‘BUG Total Cache – ALLOW-FROM should be removed’ is closed to new replies.