[wp-meta] [Making WordPress.org] #6058: Logging in to wp.org does not direct you back to the context you were in upon successful login

Making WordPress.org noreply at wordpress.org
Mon Jan 31 00:41:03 UTC 2022 

#6058: Logging in to wp.org does not direct you back to the context you were in
upon successful login
------------------------------------+-----------------------
 Reporter:  bozzmedia               |       Owner:  (none)
     Type:  defect                  |      Status:  reopened
 Priority:  normal                  |   Milestone:
Component:  Login & Authentication  |  Resolution:
 Keywords:                          |
------------------------------------+-----------------------
Changes (by dd32):

 * component:  General => Login & Authentication


Comment:

 This is potentially due to some browser changes around referrers,
 specifically, that I'm not certain login.wordpress.org is the same origin
 as all the other dotorg things where you see the login links.

 https://developers.google.com/web/updates/2020/07/referrer-policy-new-
 chrome-default

 I would like to add `referrerpolicy="no-referrer-when-downgrade"` to login
 links (per https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
 /Referrer-Policy), but might as well just ensure that all login links
 include the redirect_to, rather than relying upon the referrer, if we're
 going to go through an update/check all login link locations.

 ~7 years ago `<meta name="referrer" content="always">` was added to the
 WordPress.org header, which may have worked for a short time to resolve
 some of this, but was recently removed during the header migration as
 `always` is not a valid value for the field (There were login issue
 reports like this before then) and browsers were flagging it as invalid
 /using-default-instead.
 Restoring that with `unsafe-url` instead would have the original intended
 effect, but I'd prefer to a) Use the HTTP Header instead, and b) use
 `origin-when-cross-origin` instead.

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/6058#comment:6>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list