BUG Total Cache – ALLOW-FROM should be removed

Posted on by

Tagged: 

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • June 13, 2022 at 9:15 am #54308
    Jon Brown
    Guest

    This option is now obsolete and if you use it NO iframe blocking occurs so this is dangerous to have present.

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

    ALLOW-FROM uri – This is an obsolete directive that no longer works in modern browsers. Don’t use it. In supporting legacy browsers, a page can be displayed in a frame only on the specified origin uri. Note that in the legacy Firefox implementation this still suffered from the same problem as SAMEORIGIN did — it doesn’t check the frame ancestors to see if they are in the same origin. The Content-Security-Policy HTTP header has a frame-ancestors directive which you can use instead.

    I create an account (very tricky) but could not post on the forum.

    Thanks

    Jon

    June 13, 2022 at 9:20 am #54342
    Marko Vasiljevic
    Keymaster

    Hello Jon,

    Thank you for reaching out and thank you for taking the time to check and report this about the W3 Total Cache settings.
    We’ll make sure to bring this to the team and discuss the problem for future releases.
    Thanks!

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • The topic ‘BUG Total Cache – ALLOW-FROM should be removed’ is closed to new replies.

Looking For Something Else?

white icon monitor tablet phone displayBoldGrid Help for
Designers and Developers
white icon of screwdriver wrench rulerBoldGrid for eCommerce
white icon server stackBoldGrid for Hosts

Get 50% off a W3 Total Cache 1 Site License! Use code flash-sale-half-off at checkout.

Got it!
X