I have a Wordpress multisite with multiple WooCommerce installations. I'm trying to get a dashboard report of all regions across the installation via iFrames:
- en.foo.com
- au.foo.com
- eu.foo.com
etc
On the main dashboard page, I'm using the following code to inject the required iFrames:
jQuery(document).ready(function($) {
/*If the user is on the main dashboard...*/
if(window.location.href.indexOf("https://foo.com/wp-admin/network/") > -1) {
console.log('Admin Dashboard - Activating global iFrame stats');
/*Create area for iFrames*/
$('#dashboard-widgets').after('<div class="iframe-container"><strong>Cross Network Stats (US, UK, AU, EU)</strong></div>');
/*United States*/
/*Add US iFrame (on same domain - working)*/
$('.iframe-container').append('<div><strong style="font-size: 2em;">United States:</strong><br><br><iframe src="https://foo.com/wp-admin/edit.php?post_type=shop_order" width="100%" height="450px"></iframe></div>');
/*United Kingdom*/
/*Add UK iFrame (on subdomain - not working)*/
$('.iframe-container').append('<div><strong style="font-size: 2em;">United Kingdom:</strong><br><br><iframe src="https://en.foo.com/wp-admin/edit.php?post_type=shop_order" width="100%" height="450px"></iframe></div>');
}
});
The first iFrame works as intended, however the second does not, as it's in an iFrame and creates an X-Frame security error:
Load denied by X-Frame-Options: https://en.foo.com/wp-admin/edit.php?post_type=shop_order does not permit cross-origin framing.
I have read that this can be avoided through use of 'document.domain'. As such I've injected the following code into my footer on the global admin footer:
echo '<script>document.domain = "foo.com";</script>';
However, I am still getting the same issue as before.
Do I need to trigger document.domain as a javascript function while calling the iFrames via jQuery?
