Media: Skip cross-origin isolation for third-party page builders #11170
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6371,14 +6371,16 @@ function wp_get_image_editor_output_format( $filename, $mime_type ) { | |
| * @return bool Whether client-side media processing is enabled. | ||
| */ | ||
| function wp_is_client_side_media_processing_enabled(): bool { | ||
| $enabled = ( is_ssl() || 'localhost' === $_SERVER['HTTP_HOST'] ); | ||
|
adamsilverstein marked this conversation as resolved.
Outdated
|
||
|
|
||
| /** | ||
| * Filters whether client-side media processing is enabled. | ||
| * | ||
| * @since 7.0.0 | ||
| * | ||
| * @param bool $enabled Whether client-side media processing is enabled. Default true if SSL or localhost. | ||
|
adamsilverstein marked this conversation as resolved.
Outdated
|
||
| */ | ||
| return (bool) apply_filters( 'wp_client_side_media_processing_enabled', $enabled ); | ||
| } | ||
|
|
||
| /** | ||
|
|
@@ -6437,6 +6439,10 @@ function wp_get_chromium_major_version(): ?int { | |
| * media processing in the editor. Uses Document-Isolation-Policy | ||
| * on supported browsers (Chromium 137+). | ||
| * | ||
| * Skips setup when a third-party page builder overrides the block | ||
| * editor via a custom `action` query parameter, as DIP would block | ||
| * same-origin iframe access that these editors rely on. | ||
| * | ||
| * @since 7.0.0 | ||
| */ | ||
| function wp_set_up_cross_origin_isolation(): void { | ||
|
|
@@ -6454,6 +6460,16 @@ function wp_set_up_cross_origin_isolation(): void { | |
| return; | ||
| } | ||
|
|
||
| /* | ||
| * Skip when a third-party page builder overrides the block editor. | ||
| * DIP isolates the document into its own agent cluster, | ||
| * which blocks same-origin iframe access that these editors rely on. | ||
| */ | ||
| // phpcs:ignore WordPress.Security.NonceVerification.Recommended | ||
|
adamsilverstein marked this conversation as resolved.
Outdated
|
||
| if ( isset( $_GET['action'] ) && 'edit' !== $_GET['action'] ) { | ||
|
Member
There was a problem hiding this comment. While implementing
Also, do we have any research or data on how many plugins might be impacted by this?
Member
There was a problem hiding this comment. This is not an issue for Web Stories because it short-circuits here: wordpress-develop/src/wp-includes/media.php Lines 6453 to 6455 in 055c638 This is because it is filtering
Member
There was a problem hiding this comment. BTW, it also short-circuits here with the Classic Editor plugin.
Member
Author
There was a problem hiding this comment.
the original pr included this fix, but it was removed because it was deemed unrelated (#11098 (comment)). Both changes came out of bugs reports after the release of beta 1 - https://core.trac.wordpress.org/ticket/64740 there is more discussion there about why the fix for Elementor was added |
||
| return; | ||
| } | ||
|
|
||
| // Cross-origin isolation is not needed if users can't upload files anyway. | ||
| if ( ! current_user_can( 'upload_files' ) ) { | ||
| return; | ||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.