- Close the iframe immediately on successful login.
- Catch iframe origin exceptions in WebKit when there is a server error or another page is loaded in the iframe.
See #23295.
git-svn-id: https://develop.svn.wordpress.org/trunk@24655 602fd350-edb4-49c9-b593-d223f7449a82
- Update the heartbeat nonce when refreshing nonces on the Edit Post screen.
- After a user logs in from the auth-check dialog, speed up heatrbeat to check/refresh nonces on the Edit Post screen.
- Speeding up heartbeat: bring back the setting how long it should last (how many ticks).
- Add 'heartbeat-nonces-expired' jQuery event when nonces have expired and the user is logged in.
See #23295, see #23216.
git-svn-id: https://develop.svn.wordpress.org/trunk@24528 602fd350-edb4-49c9-b593-d223f7449a82
- Don't use <base> tag to set target="_blank". It can break form submission. Instead, set target only on links with JS.
- Fix same domain comparison in wp_auth_check_html() when FORCE_SSL_LOGIN == true.
- Properly show/hide the "Close" button when the dialog is shown multiple times.
See #23295
git-svn-id: https://develop.svn.wordpress.org/trunk@24208 602fd350-edb4-49c9-b593-d223f7449a82
- Don't remove login error messages coming from wp_signon().
- When the login form is shown in iframe, open all links in a new tab/window.
- Add filter for the login form error message.
See #23295
git-svn-id: https://develop.svn.wordpress.org/trunk@24179 602fd350-edb4-49c9-b593-d223f7449a82
- The login page has "X-Frame-Options: DENY" header.
- Cross-domain when displaying on the front-end on multisite with domain mapping.
- The site forces ssl login but not ssl admin.
Add onbeforeunload prompt to counter (frame-busting) JS redirects. Move the JS and CSS into separate files. See #23295.
git-svn-id: https://develop.svn.wordpress.org/trunk@23805 602fd350-edb4-49c9-b593-d223f7449a82
