php 如何在 wordpress 站点中设置 X-Frame-Options 标题
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30750576/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to set X-Frame-Options Header in wordpress Site
提问by Midhun
I have hosted a website which is created using Wordpress.
我托管了一个使用 Wordpress 创建的网站。
I am getting a security alert saying "X-Frame-Options Header Not Set", but I can't figure out what that means.
我收到一条安全警报说"X-Frame-Options Header Not Set",但我无法弄清楚这意味着什么。
Can anyone explain what this warning is about, and give me a solution on how to stop it from occuring?
谁能解释这个警告是关于什么的,并给我一个如何阻止它发生的解决方案?
回答by Artem Russakovskii
Here's an easier one-liner to set X-Frame-Options SAMEORIGINthat works, add the following to the functions.php file in your current Wordpress theme:
这是一个更简单的单行设置X-Frame-Options SAMEORIGIN,可以将以下内容添加到当前 Wordpress 主题的 functions.php 文件中:
add_action( 'send_headers', 'send_frame_options_header', 10, 0 );
add_action( 'send_headers', 'send_frame_options_header', 10, 0 );
回答by Smruti Ranjan
Option 1: Go to wordpress-root/wp-includes/functions.phpand search for "X-Frame-Options" and you will find the function
选项 1:转到wordpress-root/wp-includes/functions.php并搜索“X-Frame-Options”,您将找到该功能
function send_frame_options_header() {
@header( 'X-Frame-Options: SAMEORIGIN' );
}
If X-Frame-Options is not defined inside your functions.php file, you just paste the code inside functions.php. To Prevent the site from cross-frame-scripting in Wordpress use X-Frame-Options to SAMEORIGIN.
如果您的functions.php 文件中没有定义X-Frame-Options,您只需将代码粘贴到functions.php 中。要防止站点在 Wordpress 中跨框架脚本,请使用 X-Frame-Options to SAMEORIGIN。
Option 2:
选项 2:
Or you can set X-Frame-Options from the .htaccess file which is situated inside the root folder of wordpress. Just paste the below code inside .htaccess file.
或者您可以从位于 wordpress 根文件夹内的 .htaccess 文件中设置 X-Frame-Options。只需将以下代码粘贴到 .htaccess 文件中即可。
Header set X-Frame-Options SAMEORIGIN
回答by Ajay Malhotra
In any PHP application the header can be set before page content is sent. This is done using the header function.
在任何 PHP 应用程序中,都可以在发送页面内容之前设置标头。这是使用 header 函数完成的。
header('X-Frame-Options: SAMEORIGIN');
