Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #54308
    Jon Brown

    This option is now obsolete and if you use it NO iframe blocking occurs so this is dangerous to have present.

    ALLOW-FROM uri – This is an obsolete directive that no longer works in modern browsers. Don’t use it. In supporting legacy browsers, a page can be displayed in a frame only on the specified origin uri. Note that in the legacy Firefox implementation this still suffered from the same problem as SAMEORIGIN did — it doesn’t check the frame ancestors to see if they are in the same origin. The Content-Security-Policy HTTP header has a frame-ancestors directive which you can use instead.

    I create an account (very tricky) but could not post on the forum.



    Marko Vasiljevic

    Hello Jon,

    Thank you for reaching out and thank you for taking the time to check and report this about the W3 Total Cache settings.
    We’ll make sure to bring this to the team and discuss the problem for future releases.

Viewing 2 posts - 1 through 2 (of 2 total)
  • The topic ‘BUG Total Cache – ALLOW-FROM should be removed’ is closed to new replies.