[wp-trac] [WordPress Trac] #62273: Referrer-Policy header missing in login
WordPress Trac
noreply at wordpress.org
Tue Dec 31 13:53:04 UTC 2024
#62273: Referrer-Policy header missing in login
------------------------------------+---------------------
Reporter: kkmuffme | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.8
Component: Login and Registration | Version: 4.9
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
------------------------------------+---------------------
Comment (by albatross10):
Hello @SergeyBiryukov , @johnbillion
Upon further investigation, I did find that the file
https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-
admin/includes/misc.php is not loaded when wp-login is loaded. So if we
try to add the filter to a file that is loaded during wp-login, it would
still not work.
1. Since this is an important Header, we might want to set it in the
https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-
login.php#L515. But this would mean we would have to maintain two
different areas for Referer Policy. One for login and one for the admin
scree.
2. I also found that that https://github.com/WordPress/wordpress-
develop/blob/trunk/src/wp-includes/functions.php gets loaded both for
login and admin. We can move the wp_admin_headers to this file and still
have no issues. Then we can call the login_init filter in
https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes
/default-filters.php to set the headers.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62273#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list