[wp-meta] [Making WordPress.org] #6058: Logging in to wp.org does not direct you back to the context you were in upon successful login
Making WordPress.org
noreply at wordpress.org
Mon Jan 31 00:41:03 UTC 2022
#6058: Logging in to wp.org does not direct you back to the context you were in
upon successful login
------------------------------------+-----------------------
Reporter: bozzmedia | Owner: (none)
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: Login & Authentication | Resolution:
Keywords: |
------------------------------------+-----------------------
Changes (by dd32):
* component: General => Login & Authentication
Comment:
This is potentially due to some browser changes around referrers,
specifically, that I'm not certain login.wordpress.org is the same origin
as all the other dotorg things where you see the login links.
https://developers.google.com/web/updates/2020/07/referrer-policy-new-
chrome-default
I would like to add `referrerpolicy="no-referrer-when-downgrade"` to login
links (per https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
/Referrer-Policy), but might as well just ensure that all login links
include the redirect_to, rather than relying upon the referrer, if we're
going to go through an update/check all login link locations.
~7 years ago `<meta name="referrer" content="always">` was added to the
WordPress.org header, which may have worked for a short time to resolve
some of this, but was recently removed during the header migration as
`always` is not a valid value for the field (There were login issue
reports like this before then) and browsers were flagging it as invalid
/using-default-instead.
Restoring that with `unsafe-url` instead would have the original intended
effect, but I'd prefer to a) Use the HTTP Header instead, and b) use
`origin-when-cross-origin` instead.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/6058#comment:6>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list