Support » Plugin: MailPoet - emails and newsletters in WordPress » MailPoet x-frame-options header broke my site

  • Resolved Nimbus Digital

    (@nimusdigital)


    TL;DR

    My site would not load properly. Chrome dev tools giving error:
    Refused to display 'https://cabgrid.com/help-and-support/custom-styles/changing-one-way-return-icon-button/?et_fb=1&et_bfb=1&PageSpeed=off' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('allow-all, SAMEORIGIN'). Falling back to 'deny'.

    Solution:

    Comment out following line found in MailPoet plugin code (/wp-content/plugins/mailpoet/lib/Form/Widget.php line 49)
    header('X-Frame-Options: allow-all', true);

    Longer version:

    WordPress 5.4
    MailPoet 3.46.10
    Server NGINX 1.16.1
    Theme Divi 4.4.3

    Divi loads its builder in the admin via an iFrame. Recently, the builder failed to load (hung).

    Examining the Chrome dev tools the above mentioned error became apparent. Looking at the Network tab, I saw two headers returned for x-frame-options:

    x-frame-options: allow-all
    x-frame-options: SAMEORIGIN

    My NGINX configuration sets the SAMEORIGIN http header, but I could not find the source of the allow-all header. When loading a stand-alone PHP file on my site I only received the SAMEORIGIN header, so the problem must be within WordPress (not a server misconfiguration).

    I also noted I was not getting the same problem on similar sites on the same server.

    After some hunting through the site’s code I discovered the line above in MailPoet’s widget.php file. This file appears to extend WordPress’s own widget class, so is probably being executed beyond its intended context.

    In any case, commenting out line 49 (as mentioned above) removed the second x-frame-options header and now the Divi builder loads properly.

    Question is, have I now borked some functionality within MailPoet?

    Thoughts?

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi,
    I have the same issue on my site too. In my case, the X-frame-options header set by mailpoet causes the Elementor editor to fail when loading giving a X-frame-options conflict error message.
    Commenting the above line fixes it for mee too.

    Thread Starter Nimbus Digital

    (@nimusdigital)

    According to their release notes, this problem is supposed to be resolved in Mail Poet v3.46.11 – 2020-04-21

    I haven’t tested it yet.

    Nice of them to acknowledge it here so others discovering this thread know it’s fixed.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘MailPoet x-frame-options header broke my site’ is closed to new replies.