[wp-trac] [WordPress Trac] #50441: Allow CORS for RSS feed
WordPress Trac
noreply at wordpress.org
Sun Jun 21 09:06:42 UTC 2020
#50441: Allow CORS for RSS feed
----------------------------------+------------------------------
Reporter: stokito | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Feeds | Version:
Severity: normal | Resolution:
Keywords: needs-privacy-review | Focuses: javascript
----------------------------------+------------------------------
Comment (by stokito):
Interesting plugin, I think I can port it's logic to Java. In the same
time I'm pretty sure that just closing <img> attack vector will be fair
enough. Anyway this is something out of the scope of the task and we
should create a separate ticket for this.
Since you an author of Fast404, could you create such ticket to merge it's
functionality into WP core?
> If an RSS feed contains private content that is determined by a cookie
I'm pretty sure that WP doesn't have personal Atom/RSS feeds. But when
they'll be implemented then all security measures should be applied.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50441#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list