[wp-trac] [WordPress Trac] #42036: Add same-origin referrer-policy header to WP Admin pages
WordPress Trac
noreply at wordpress.org
Wed Oct 4 18:24:19 UTC 2017
#42036: Add same-origin referrer-policy header to WP Admin pages
------------------------------+--------------------------
 Reporter:  joostdevalk       |       Owner:  johnbillion
     Type:  enhancement       |      Status:  closed
 Priority:  normal            |   Milestone:  4.9
Component:  Security          |     Version:
 Severity:  normal            |  Resolution:  fixed
 Keywords:  has-patch commit  |     Focuses:
------------------------------+--------------------------
Changes (by johnbillion):
* status: reviewing => closed
* resolution: => fixed
Comment:
In [changeset:"41741"]:
{{{
#!CommitTicketReference repository="" revision="41741"
Security: Add a referrer policy header to the admin and login screens.

This sets a referrer policy of `same-origin` which adds hardening by
preventing a referrer being sent from the admin area or login screens to
other origins. This helps prevent unwanted exposure of potentially
sensitive information that may be contained within URLs.

This change introduces a new filter, `admin_referrer_policy`, for
filtering the referrer policy header value. The header can be disabled if
necessary by removing the `wp_admin_headers` action from the `admin_init`
and `login_init` hooks.

Props joostdevalk
Fixes #42036
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42036#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
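
One way to keep the `admin_referrer_policy` filter from being used to weaken the header, as an added example that is not part of the changeset or of WordPress core. The function name, constant name and allow-list are assumptions; the allow-list holds the standard Referrer-Policy tokens that send at most the origin to another site.

```php
<?php
/**
 * Added example (not WordPress core code): a must-use plugin that pins the
 * admin/login Referrer-Policy to values that never send a path or query
 * string to another origin. All names below are hypothetical.
 */

// Referrer-Policy tokens that send at most the origin cross-origin.
// 'unsafe-url' and 'no-referrer-when-downgrade' are deliberately absent,
// because both can send the full URL to a different origin.
const EXAMPLE_SAFE_REFERRER_POLICIES = array(
	'no-referrer',
	'same-origin',
	'origin',
	'strict-origin',
	'origin-when-cross-origin',
	'strict-origin-when-cross-origin',
);

/**
 * Return the normalised policy if every comma-separated token is in the
 * safe list; otherwise fall back to 'same-origin', the value this
 * changeset sets.
 */
function example_enforce_admin_referrer_policy( $policy ) {
	// A non-string or empty value would produce a malformed header.
	if ( ! is_string( $policy ) || '' === trim( $policy ) ) {
		return 'same-origin';
	}

	// The header may carry several tokens as a fallback list.
	$tokens = array_map( 'trim', explode( ',', strtolower( $policy ) ) );
	foreach ( $tokens as $token ) {
		// Exact matching also rejects stray characters such as CR/LF.
		if ( ! in_array( $token, EXAMPLE_SAFE_REFERRER_POLICIES, true ) ) {
			return 'same-origin';
		}
	}

	return implode( ', ', $tokens );
}

// Register at the latest priority so the check sees the value produced by
// callbacks at lower priorities. Guarded so the file also loads outside WordPress.
if ( function_exists( 'add_filter' ) ) {
	add_filter( 'admin_referrer_policy', 'example_enforce_admin_referrer_policy', PHP_INT_MAX );
}
```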