[wp-trac] [WordPress Trac] #46025: _json_wp_die_handler doesn't handle JSONP request
WordPress Trac
noreply at wordpress.org
Mon Jan 28 17:35:44 UTC 2019
#46025: _json_wp_die_handler doesn't handle JSONP request
------------------------------------------------+--------------------------
Reporter: spacedmonkey | Owner: spacedmonkey
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 5.1
Component: Bootstrap/Load | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch needs-testing servehappy | Focuses: multisite
------------------------------------------------+--------------------------
Comment (by TimothyBlynJacobs):
The REST API also sends an `X-Content-Type-Options: nosniff` header which
is accompanied by this doc:
{{{
/*
 * Mitigate possible JSONP Flash attacks.
 *
 * https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
 */
}}}
Seems this should also be sent in this handler.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46025#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform