[wp-trac] [WordPress Trac] #62273: Referrer-Policy header missing in login
WordPress Trac
noreply at wordpress.org
Mon Jan 27 14:39:35 UTC 2025
#62273: Referrer-Policy header missing in login
------------------------------------+--------------------------
Reporter:   kkmuffme                | Owner:      johnbillion
Type:       defect (bug)            | Status:     closed
Priority:   normal                  | Milestone:  6.8
Component:  Login and Registration  | Version:    4.9
Severity:   normal                  | Resolution: fixed
Keywords:   has-patch               | Focuses:
------------------------------------+--------------------------
Changes (by johnbillion):

 * status: reviewing => closed
 * resolution: => fixed

Comment:

In [changeset:"59712" 59712]:
{{{
#!CommitTicketReference repository="" revision="59712"
Security: Enable the referrer policy header on the login screen.

This sets the same referrer policy of `strict-origin-when-cross-origin`
that's used in the admin area to prevent a referrer being sent to other
origins. This helps prevent unwanted exposure of potentially sensitive
information that may be contained within the URL.

The header can be disabled if necessary by removing the `wp_admin_headers`
action from the `login_init` hook.

Props kkmuffme, sagarlakhani, albatross10

Fixes #62273
See #42036
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62273#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
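
What a browser sends as `Referer` under the `strict-origin-when-cross-origin` policy named in the commit message, as an added example (not WordPress code and not part of the changeset). The function names `referrerFor` and `isTrustworthy`, and every URL and the key value, are constructed for illustration.

```javascript
// Added example: referrer computation under strict-origin-when-cross-origin.
// All URLs below are constructed sample values.

// Assumption: only https: counts as "potentially trustworthy" here. The
// Referrer Policy spec also treats localhost and a few other cases as such.
function isTrustworthy(url) {
  return url.protocol === 'https:';
}

// Return the Referer value sent for a request from `fromUrl` to `toUrl`,
// or null when no referrer is sent.
function referrerFor(fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);

  // Same origin: full URL, minus credentials and fragment.
  if (from.origin === to.origin) {
    from.username = '';
    from.password = '';
    from.hash = '';
    return from.href;
  }
  // Cross-origin downgrade (https -> http): send nothing.
  if (isTrustworthy(from) && !isTrustworthy(to)) {
    return null;
  }
  // Any other cross-origin request: origin only, path and query dropped.
  return from.origin + '/';
}

// Constructed login-screen URL carrying a sensitive query string.
const loginUrl =
  'https://blog.example/wp-login.php?action=rp&key=CONSTRUCTED-KEY&login=alice#form';

const targets = [
  'https://blog.example/wp-admin/',        // same origin
  'https://cdn.example.net/logo.png',      // cross origin, https
  'http://tracker.example.org/pixel.gif',  // cross origin, downgrade
];
for (const target of targets) {
  console.log(target, '->', referrerFor(loginUrl, target));
}
```

Only the same-origin request receives the query string; the cross-origin HTTPS request sees the bare origin and the HTTP request sees no referrer at all.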