My site would not load properly. Chrome dev tools gives this error:
Refused to display 'https://cabgrid.com/help-and-support/custom-styles/changing-one-way-return-icon-button/?et_fb=1&et_bfb=1&PageSpeed=off' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('allow-all, SAMEORIGIN'). Falling back to 'deny'.
Comment out the following line found in the MailPoet plugin code (/wp-content/plugins/mailpoet/lib/Form/Widget.php, line 49):
header('X-Frame-Options: allow-all', true);
Server NGINX 1.16.1
Theme Divi 4.4.3
Divi loads its builder in the admin via an iFrame. Recently, the builder failed to load (hung).
Examining the Chrome dev tools, the above-mentioned error became apparent. Looking at the Network tab, I saw two headers returned for x-frame-options:
x-frame-options: allow-all
x-frame-options: SAMEORIGIN
My NGINX configuration sets the SAMEORIGIN http header, but I could not find the source of the allow-all header. When loading a stand-alone PHP file on my site I only received the SAMEORIGIN header, so the problem must be within WordPress (not a server misconfiguration).
I also noted I was not getting the same problem on similar sites on the same server.
After some hunting through the site’s code I discovered the line above in MailPoet’s widget.php file. This file appears to extend WordPress’s own widget class, so is probably being executed beyond its intended context.
In any case, commenting out line 49 (as mentioned above) removed the second x-frame-options header and now the Divi builder loads properly.
Question is, have I now borked some functionality within MailPoet?
I have the same issue on my site too. In my case, the X-Frame-Options header set by MailPoet causes the Elementor editor to fail when loading, giving an X-Frame-Options conflict error message.
Commenting out the above line fixes it for me too.
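The check both posters did by eye in the Network tab can be scripted. This is an added example, not part of the thread or of MailPoet, Divi or Elementor code: it audits a captured response header block for repeated or conflicting X-Frame-Options values. The sample response and the function names are constructed for illustration.

```python
# Added example: audit a raw HTTP response header block for X-Frame-Options problems.
# DENY and SAMEORIGIN are the two directives browsers still honour; per the Chrome
# message quoted in the thread, conflicting values make the browser fall back to deny.
STANDARD = {"deny", "sameorigin"}

# Constructed sample modelled on the two headers reported in the thread.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Frame-Options: allow-all\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
    "<html>body is ignored</html>"
)

def xfo_values(raw_headers):
    """Return every X-Frame-Options value, in order of appearance."""
    values = []
    for line in raw_headers.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                                  # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # A single header line may itself carry a comma-separated list.
            values += [v.strip() for v in value.split(",") if v.strip()]
    return values

def audit(raw_headers):
    """Summarise what a browser will see for X-Frame-Options."""
    values = xfo_values(raw_headers)
    distinct = sorted({v.lower() for v in values})
    return {
        "values": values,
        "duplicated": len(values) > 1,             # set by more than one layer
        "conflict": len(distinct) > 1,             # differing values: framing refused
        "nonstandard": [v for v in distinct if v not in STANDARD],
    }

if __name__ == "__main__":
    report = audit(SAMPLE_RESPONSE)
    for key, val in report.items():
        print(f"{key}: {val}")
```

A `duplicated` result without `conflict` means two layers (for example the web server and a plugin) set the same value, which is the point at which to decide which single layer should own the header.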
- The topic ‘MailPoet x-frame-options header broke my site’ is closed to new replies.