[wp-trac] [WordPress Trac] #43308: Alter behavior load-scripts.php and load-styles.php to reduce potentially adverse scenarios
WordPress Trac
noreply at wordpress.org
Wed Feb 14 21:40:48 UTC 2018
#43308: Alter behavior load-scripts.php and load-styles.php to reduce potentially
adverse scenarios
---------------------------+--------------------
Reporter: youngcp | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 5.0
Component: Script Loader | Version: 4.9.4
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
---------------------------+--------------------
Comment (by youngcp):
The 301s can be sent with (or without) expiry headers.
The cache surface area is reduced by making the URLs cache friendly.
(uniform; load is unique, sorted)
Multiple URLs pulling the same content won't/can't exist. WAFs will be
happy.
If a plugin can act at that `//TODO`, is there anything left to consider?
The mitigation of DoS attacks is then reasonably possible from 3rd party
plugins.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43308#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list