Develop Reference

Allow Wordpress installed with Docker on Azure to be embeded as iframe

I created a simple webapp container with the image wordpress:latest on linux on azure.
Everything works fine. Now I tried to embed this website in a website which I am working on running on my localhost:port.
Since I don't have access to SSH to edit the wp-config.php or .htaccess (it's anyways in the docker container) I installed the plugin wp-htaccess-editor to have access to the .htaccess (it really has access... I did changes and checked with another plugin..)
# BEGIN HttpHeaders
# The directives (lines) between "BEGIN HttpHeaders" and "END HttpHeaders" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_headers.c>
<IfModule mod_setenvif.c>
SetEnvIf Origin "^(.+)$" CORS=$0
</IfModule>
Header set Access-Control-Allow-Origin %{CORS}e env=CORS
<FilesMatch "\.(php|html)$">
Header set X-Frame-Options "ALLOW-FROM http://192.....:5174"
</FilesMatch>
</IfModule>
# END HttpHeaders
But I still get the error:
Refused to display 'http://goofyPage.azurewebsites.net' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
But it is not true that x-frame-options is set to sameorigin.. it is set allow-from myLocalIP. => Somehow can it be that nginx overrides this option? since when I check the header data it is really still "sameorigin"...
What are my options to make this work? Should I add the header option also on Azure on my webApp->configuration->Application settings??
When I check https://goofyPage.scm.azurewebsites.net/Env#httpHeaders
AppSettings
Header = set X-Frame-Options ALLOW-FROM http://192...:5174
...
Environment variables
APPSETTING_Header = set X-Frame-Options ALLOW-FROM http://192....:5174
Header = set X-Frame-Options ALLOW-FROM http://192.....:5174

CORS policy unsolvable with .htaccess

I have a website www.1.com which access to font on a subdomain sub.1.com
When I load the page, I have the famous "blocked by CORS policy, no access-control-allow-origin."
So, I add in the root of my subdomain a .htaccess with :
<FilesMatch ".(eot|otf|ttf|woff|woff2)">
Header always set Access-Control-Allow-Origin "*"
</FilesMatch>
I tried with mod_header.c and other.
But none work !
What did I wrong ?
Thank you for your help, I know there is a lot of question regarding CORS, but I really do not understand what I'm doing wrong...

Looks like you need to replace 'set' with 'add' and remove 'always'.
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
You could also set the headers in wordpress functions.php file like so
function add_cors_http_header(){
header("Access-Control-Allow-Origin: *");
}
add_action('init','add_cors_http_header');
Both of these should get you taken care of.

How to disable Vary header in bitnami wordpress

Which version of the application are you using?:
WordPress 4.8.2
Please choose how you got the application: Installer (Windows, Linux, macOS), cloud image (AWS, GCE, Azure, ...) or VM (VMDK, VBOX):
google cloud
Have you installed any plugin or modified any configuration file?:
wp super cache
Describe here your question/suggestion/issue (expected and actual results):
CDN can not hit my resource on edge server because of the vary header setting.
how to disable the vary:cookie?

You can unset the header in the /installdir/wordpress/conf/httpd-app.conf
file by adding the following:
<IfModule mod_headers.c>
Header unset Vary
</IfModule>
Hope it helps,
Michiel D'Hont

You could add it in the following way:
<IfModule mod_headers.c>
Header unset Vary
Header append Vary: Accept-Encoding
</IfModule>

Make mp4s download using Wordpress Multisite htaccess, only on specific subdomain

I am trying to get mp4's to download immediately when they are opened. And I've succeeded at that. However, I'm also trying to make this happen, only when the link is accessed from a specific subdomain. I run a Wordpress Multisite
I've run the following code in the Ifmodule to no avail. All the videos download immediately, no matter where they are accessed from. I'm pretty sure I'm using the conditioning wrong, but I can't find a good example of how to do this.
RewriteCond %{HTTP_HOST} ^www\.subdomain.example\.com$
<FilesMatch "\.(mp4|MP4)">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
Thanks for reading! (Double thanks for any help.)

Put the FileMatch directive in the vhost configuration for your domain. So, if the file sub.conf contains information about www.subdomain.example.com, you just have to add the following there:
<FilesMatch "\.[mM][pP]4">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>

update panel CSV generation cache issue

On a page with update panel on a button click I have put some code to generate CSV .
When I click on Open in File dialog CSV file shown comes from browser cache.Every time it shows old csv.I have checked on server the csv file is created new but browser show old files.

Rather than impractical work arounds, you should instead focus on changing the servers cache control settings, provided you are on an apache server, then update your .htaccess file with:
<filesMatch "\.(csv)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</filesMatch>
This will switch off caching of .csv files.

A Simple way to avoid that is to add a random string on the end of the file, something like
/YourFile.csv?rnd=4707
or you can place some cache headers to not let it cache, for example
Response.Cache.SetExpires(DateTime.UtcNow.AddYears(-4));
Response.Cache.SetNoStore();
Response.Cache.SetValidUntilExpires(false);
Response.Cache.SetCacheability(HttpCacheability.NoCache);