[wp-trac] [WordPress Trac] #59987: Add port number to target origin in postMessage calls after plugin updates from within the update iframe
WordPress Trac
noreply at wordpress.org
Wed Nov 29 20:05:47 UTC 2023
#59987: Add port number to target origin in postMessage calls after plugin updates
from within the update iframe
-----------------------------+-----------------------
Reporter: TobiasBg | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.5
Component: Upgrade/Install | Version: 3.9
Severity: normal | Keywords: has-patch
Focuses: administration |
-----------------------------+-----------------------
While doing plugin updates on a local dev site at http://localhost:8001/
(note the non-standard port number) on `/wp-admin/update-core.php`, I
noticed that the update counter bubble in the admin sidebar does not
decrease after a successful update.
Instead, when the iframe in which the updates are running wants to notify
the parent (the main window), the browser error log console shows
{{{
Failed to execute 'postMessage' on 'DOMWindow':
The target origin provided ('http://localhost') does not match the
recipient window's origin ('http://localhost:8001').
}}}
The cause for this is the missing port number in the `postMessage` call,
causing a same-origin policy violation (protocol, host, and port number
have to match).
This call is in https://core.trac.wordpress.org/browser/trunk/src/wp-
admin/includes/class-wp-upgrader-skin.php#L243, added in [27280] for
#17703 and extended/moved in [29357] for #29054.
The attached patch adds the missing port number, if one is set.
(Pinging @ocean90 as the committer of [29357], as he has touched this code
before, and in case he has objections.)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59987>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list