Admin original domain & customizer

  • It appears that the option “Redirect administration pages to site’s original domain” breaks the Customizer. The iframe content uses the mapped domain while the top frame is on the original subdomain.

    Chrome sais in console:

    
Refused to display 'https://www.mappeddomain.com/?customize_changeset_uuid=...ustomize_theme=...&customize_messenger_channel=preview-0' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://www.mappeddomain.com".

    In the iframe request I see this in these response headers:

    
Content-Security-Policy:frame-ancestors https://www.mappeddomain.com
X-Frame-Options:ALLOW-FROM https://www.mappeddomain.com/wp-admin/customize.php

    Not sure if changing these URLs (if at all possible) would fix this but I’ll do some testing ??

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter Rolf Allard van Hagen

    (@ravanh)

    Oh, hang on. Looking at the source of class-wp-customize-manager.php (method filter_iframe_security_headers) I notice that admin_url() is used to retrieve the URL used in these headers.

    Why does that function return the mapped domain instead of the original domain here?

    Thread Starter Rolf Allard van Hagen

    (@ravanh)

    Hmmm, turns out that if I force the admin_url filter in domain-mapping.php to do it’s work here, the iframe content (on mapped domain) loads but now there are other problems preventing the Customizer preview to work correctly.

    Errors in console like these prevent changes in the customizer to load in the preview:

    
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.mappeddomain.com') does not match the recipient window's origin ('https://original.domain.com').
send @ customize-base.min.js?ver=4.7.3:1

    So it doesn’t look like it’s possible at all to have admin and preview on different domains ??

    Only way seems to be to make the preview to load from the original domain too. But how…

    Plugin Author Ron Rennick

    (@wpmuguru)

    If you want to use the customizer then don’t run the dashboards in the original domains. It’s your web browser security that is blocking the customizer scripts.

    Thread Starter Rolf Allard van Hagen

    (@ravanh)

    Hi Ron, yes that was my conclusion too. I suppose disabling the domain redirect to allow both admin and front end to be on the same (original) domain would make the customizer accessible but leave sites vulnerable to the infamous double content penalty…

    Is there no way to make WordPress switch homeurl to the siteurl on the fly / temporarily while using the customizer?

    Or allowing front end on both domains only when logged in, while leaving the redirect to the mapped domain up for anonymous visitors?

    Just some thoughts ??

    Plugin Author Ron Rennick

    (@wpmuguru)

    Is there no way to make WordPress switch homeurl to the siteurl on the fly / temporarily while using the customizer?

    There might be a way to do that.

    As of WP 4.4, the site domain of sub sites can be changed directly in network admin so the DM plugin won’t have any new features added.

    Thread Starter Rolf Allard van Hagen

    (@ravanh)

    Yes I know. I’m not using Domain Mapping at the moment, simply setting the domain per site via the network admin.

    Downside: site owner cannot configure his/her own domain nor add additional domains. Also, when a site owner lets the domain expire he/she cannot access the site anymore via the original subdomain URL and needs to contact super admin to revert it all manually.

    As Domain Mapping allows accessing the site (admin) via multiple domains, it’s more user-friendly, where it not for this Customizer incompatibility.

    I’ve looked at Mercator which does allow additional domains to be set but does not address the other downsides.

    Anyway, I understand there is no further development on Domain Mapping… Thanks for responding though ??

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Admin original domain & customizer’ is closed to new replies.