Magento – Magento 2 – Allow frontend run in frame

configurationmagento2system-configuration

I can't find the option to enable this confiuguration on Magento 2:

allow magento frontend to run in frame

on magento 1 was in system > configuration > admin > security

This old post shows how to do on magento 1: old post

Best Answer

Open the env.php file and put

'x-frame-options' => 'SAMEORIGIN',

Magento wants this in env.php because they claim that it’s more secure than setting a value in the Magento Admin.

Possible values for x-frame-options are three

DENY It prevents your site page from being included in an iFrame.

SAMEORIGIN If a parent page is from the same domain as your site page, the site page can be included in the iFrame.

ALLOW-FROM You can specify a single URI that is allowed to frame your site page e.g. ALLOW-FROM http://www.somedomain.com/

Add asterisk If you add an asterisk 'x-frame-options' => '*' it will allow all domains to access your Magento URL in the iframe. NOT RECOMMENDED BUT WORKING

Related Solutions

Magento – How to Force Admin User to Change Password

I went into one of our Enterprise installs to check this.

In app/code/core/Enterprise/Pci/Model/Observer.php there is a function called adminAuthenticate in the Observer.

public function adminAuthenticate($observer)
{

First, it updates the locking information:

    // update locking information regardless whether user locked or not
    if ((!$authResult) && ($user->getId())) {
        $now = time();
        $lockThreshold = $this->getAdminLockThreshold();
        $maxFailures = (int)Mage::getStoreConfig('admin/security/lockout_failures');
        if (!($lockThreshold && $maxFailures)) {
            return;
        }
        $failuresNum = (int)$user->getFailuresNum() + 1;
        if ($firstFailureDate = $user->getFirstFailure()) {
            $firstFailureDate = new Zend_Date($firstFailureDate, Varien_Date::DATETIME_INTERNAL_FORMAT);
            $firstFailureDate = $firstFailureDate->toValue();
        }

Then it determines if the admin account is locked out by checking the lockExpires field from admin_user against the current time.

    // check whether user is locked
    if ($lockExpires = $user->getLockExpires()) {
        $lockExpires = new Zend_Date($lockExpires, Varien_Date::DATETIME_INTERNAL_FORMAT);
        $lockExpires = $lockExpires->toValue();
        if ($lockExpires > time()) {
            throw new Mage_Core_Exception(
                Mage::helper('enterprise_pci')->__('This account is locked.'),
                self::ADMIN_USER_LOCKED
            );
        }
    }

Then it pulls the latest password and checks to see if the admin has to complete a forced password change.

$latestPassword = Mage::getResourceSingleton('enterprise_pci/admin_user')->getLatestPassword($user->getId());
    if ($latestPassword) {
        if ($this->_isLatestPasswordExpired($latestPassword)) {
            if ($this->isPasswordChangeForced()) {
                $message = Mage::helper('enterprise_pci')->__('Your password has expired, you must change it now.');
            } else {
                $myAccountUrl = Mage::getSingleton('adminhtml/url')->getUrl('adminhtml/system_account/');
                $message = Mage::helper('enterprise_pci')->__('Your password has expired, please <a href="%s">change it</a>.', $myAccountUrl);
            }
            Mage::getSingleton('adminhtml/session')->addNotice($message);
            if ($message = Mage::getSingleton('adminhtml/session')->getMessages()->getLastAddedMessage()) {
                $message->setIdentifier('enterprise_pci_password_expired')->setIsSticky(true);
                Mage::getSingleton('admin/session')->setPciAdminUserIsPasswordExpired(true);
            }
        }
    }

If the getPciAdminUserIsPasswordExpired session variable is set, then it is caught in the forceAdminPasswordChange function in controller_action_predispatch.

public function forceAdminPasswordChange($observer)
{
    if (!$this->isPasswordChangeForced()) {
        return;
    }
    $session = Mage::getSingleton('admin/session');
    if (!$session->isLoggedIn()) {
        return;
    }
    $actionList = array('adminhtml_system_account_index', 'adminhtml_system_account_save',
        'adminhtml_index_logout');
    $controller = $observer->getEvent()->getControllerAction();
    if (Mage::getSingleton('admin/session')->getPciAdminUserIsPasswordExpired()) {
        if (!in_array($controller->getFullActionName(), $actionList)) {
            if (Mage::getSingleton('admin/session')->isAllowed('admin/system/myaccount')) {
                $controller->getResponse()->setRedirect(Mage::getSingleton('adminhtml/url')
                        ->getUrl('adminhtml/system_account/'));
                $controller->setFlag('', Mage_Core_Controller_Varien_Action::FLAG_NO_DISPATCH, true);
                $controller->setFlag('', Mage_Core_Controller_Varien_Action::FLAG_NO_POST_DISPATCH, true);
            } else {
                /*
                 * if admin password is expired and access to 'My Account' page is denied
                 * than we need to do force logout with error message
                 */
                Mage::getSingleton('admin/session')->unsetAll();
                Mage::getSingleton('adminhtml/session')->unsetAll();
                Mage::getSingleton('adminhtml/session')->addError(
                    Mage::helper('enterprise_pci')->__('Your password has expired, please contact administrator.')
                );
                $controller->getRequest()->setDispatched(false);
            }
        }
    }

If the Admin user has a forced password flag set and is allowed to access My Account then they'll be able to update their password themselves. If not, then they'll be logged out with the message Your password has expired, please contact administrator.

Magento 2 – How to Change Default Product Image Sizes

Magento uses the file called view.xml which is maintained at the theme level of the application.

So for example, if you are using the default theme luma you should find the view.xml under vendor/magento/theme-frontend-luma/etc/view.xml

In this file, you would see <images/> node inside the <media> node.

<view xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Config/etc/view.xsd">
    <media>
        <images module="Magento_Catalog">
            <image id="bundled_product_customization_page" type="thumbnail">
                <width>140</width>
                <height>140</height>
            </image>
            <image id="cart_cross_sell_products" type="thumbnail">
                <width>200</width>
                <height>248</height>
            </image>
            <image id="cart_page_product_thumbnail" type="small_image">
                <width>165</width>
                <height>165</height>
            </image>
            ........
        </images>
    </media>
    ......
</view>

The dimension of the images is maintained here under the <image/> node.

The id attribute value of the <image/> node is referenced in the codebase.

For example:

<image id="related_products_list" type="small_image">
    <width>152</width>
    <height>190</height>
</image>

The id value is used in the view file vendor/magento/module-catalog/view/frontend/templates/product/list/items.phtml

case 'related':
    /** @var \Magento\Catalog\Block\Product\ProductList\Related $block */
    if ($exist = $block->getItems()->getSize()) {
        $type = 'related';
        $class = $type;

        $image = 'related_products_list';
        $title = __('Related Products');
        $items = $block->getItems();
        $limit = 0;
        $shuffle = 0;
        $canItemsAddToCart = $block->canItemsAddToCart();

        $showWishlist = true;
        $showCompare = true;
        $showCart = false;
        $templateType = null;
        $description = false;
    }
break;

Here the $image refers to the value of the image size here:

<?php echo $block->getImage($_item, $image)->toHtml(); ?>

In case the theme does not have a view.xml, then it might be using a fallback theme (parent theme) which has the view.xml file.

<theme xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Config/etc/theme.xsd">
    <title>Magento Luma</title>
    <parent>Magento/blank</parent>
    .....
</theme>

Here Magento/blank is the parent theme.

In case of changing/overwriting the values of the view.xml file you need to completely copy the entire view.xml file to your custom theme and change the values.

view.xml does not have a node value fallback system, means if a value of a node is not present in you custom theme's view.xml it will not fallback to its parent theme's view.xml value, that's why entire file needs to be copied.

Once the values changes have been done, you will have to run

php bin/magento catalog:images:resize

Update: As of Magento 2.4 this command supports synchronous (default) and asynchronous modes. Asynchronous means that images will not be processed immediately on command execution. Using the Magento queue functionality, these images will be scheduled for resizing and then processed in the background. To enable asynchronous mode, use the -a or --async option.

php bin/magento catalog:images:resize -a

To speed up the job while in asynchronous mode, you may manually run several instances of a consumer with the command in each instance:

php bin/magento queue:consumer:start media.storage.catalog.image.resize

Magento 2 frontend architecture

Creating Custom Theme

Image resize properties

Best Answer

Related Solutions

Magento – How to Force Admin User to Change Password

Magento 2 – How to Change Default Product Image Sizes

Related Topic