[wp-trac] [WordPress Trac] #42036: Add same-origin referrer-policy header to WP Admin pages
WordPress Trac
noreply at wordpress.org
Tue Oct 3 13:10:08 UTC 2017
#42036: Add same-origin referrer-policy header to WP Admin pages
-------------------------------------+--------------------------
Reporter: joostdevalk | Owner: joostdevalk
Type: enhancement | Status: assigned
Priority: normal | Milestone: 4.9
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-refresh | Focuses:
-------------------------------------+--------------------------
Changes (by johnbillion):
* keywords: has-patch commit => has-patch needs-refresh
Comment:
+1 for this from me, but I think the header should be output on a hook so
it can be unhooked in case a site owner wants to implement an even more
strict referrer policy. After a cursory glance, it looks like `admin_init`
might be the only existing hook that's appropriate. Or a new action could
be added to the top of `wp-admin/admin-header.php`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42036#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list