Skip to content

Media: Broaden DIP header to all admin and preview pages#11298

Draft
adamsilverstein wants to merge 2 commits intoWordPress:trunkfrom
adamsilverstein:fix/broaden-dip-header-scope
Draft

Media: Broaden DIP header to all admin and preview pages#11298
adamsilverstein wants to merge 2 commits intoWordPress:trunkfrom
adamsilverstein:fix/broaden-dip-header-scope

Conversation

@adamsilverstein
Copy link
Member

@adamsilverstein adamsilverstein commented Mar 19, 2026

Summary

  • Send Document-Isolation-Policy header on all admin pages (via admin_init) instead of only 4 specific editor screens (load-post.php, load-post-new.php, load-site-editor.php, load-widgets.php)
  • Add new wp_set_up_cross_origin_isolation_for_preview() to send DIP on front-end preview pages (via template_redirect)
  • This keeps all admin navigations and preview popups in the same browser agent cluster, preserving cross-window communication in Chromium 137+

Why

When the editor sends the DIP header but navigated-to pages (previews, template operations, site editor sub-pages) don't, the browser places them in different agent clusters. This breaks cross-window communication (window.opener, popup references) and currently requires 6 Gutenberg E2E test suites to disable client-side media processing entirely.

Test plan

  • Verify PHPUnit tests pass: vendor/bin/phpunit tests/phpunit/tests/media/wpCrossOriginIsolation.php
  • Test editor preview in Chrome 137+ — preview popup should communicate with editor
  • Test site editor template navigation — no agent cluster mismatch errors
  • Test pattern editing — cross-page navigation works
  • Verify third-party page builder escape hatch still works (?action=...)
  • Verify non-upload-capable users don't get the header

@adamsilverstein
Media: Broaden DIP header to all admin and preview pages
c01143d 
Send the Document-Isolation-Policy header on all admin pages
and front-end preview pages instead of only specific editor
screens. This keeps all admin navigations (site editor,
template operations, pattern editing) and preview popups in
the same agent cluster, preserving cross-window communication
in Chromium 137+.
@github-actions
Copy link

github-actions bot commented Mar 19, 2026

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

  • All changes will be lost when closing a tab with a Playground instance.
  • All changes will be lost when refreshing the page.
  • A fresh instance is created each time the link below is clicked.
  • Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
    it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@adamsilverstein