I am trying to embed the admin “new post” WordPress page into an iframe:
<iframe height="500px" frameborder="0" width="740px" src="https://wordpress.stackexchange.com/questions/33458/my_wordpress_domain/wp-admin/post-new.php"/>
For some reason the iframe loads a blank page. The link itself works in a separate tab and so does the wordpress home page.
Is this a security issue, if so, how can I circumvent it?
2 Answers
By default WordPress doesn’t allow to embed the admin pages into a frame. From wp-includes/default-filters.php:
add_action( 'admin_init', 'send_frame_options_header', 10, 0 );
To enable embedding, remove the action in a plugin:
remove_action( 'admin_init', 'send_frame_options_header' );
Be aware of the security implications. I wouldn’t do that.
