[wp-trac] [WordPress Trac] #42036: Add same-origin referrer-policy header to WP Admin pages

WordPress Trac noreply at wordpress.org
Mon Jan 27 14:39:35 UTC 2025


#42036: Add same-origin referrer-policy header to WP Admin pages
------------------------------+--------------------------
 Reporter:  joostdevalk       |       Owner:  johnbillion
     Type:  enhancement       |      Status:  closed
 Priority:  normal            |   Milestone:  4.9
Component:  Security          |     Version:
 Severity:  normal            |  Resolution:  fixed
 Keywords:  has-patch commit  |     Focuses:
------------------------------+--------------------------

Comment (by johnbillion):

 In [changeset:"59712" 59712]:
 {{{
 #!CommitTicketReference repository="" revision="59712"
 Security: Enable the referrer policy header on the login screen.

 This sets the same referrer policy of `strict-origin-when-cross-origin`
 that's used in the admin area to prevent a referrer being sent to other
 origins. This helps prevent unwanted exposure of potentially sensitive
 information that may be contained within the URL.

 The header can be disabled if necessary by removing the `wp_admin_headers`
 action from the `login_init` hook.

 Props kkmuffme, sagarlakhani, albatross10

 Fixes #62273
 See #42036
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/42036#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
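
What the two policies named in this ticket do to the `Referer` value, as an added example that is not WordPress code or part of the original message. It is a simplified model of the browser's Referrer Policy rules; the hosts and the token in the sample URL are constructed, and `computeReferrer` is a hypothetical helper name.

```javascript
// Constructed sample: a login-screen URL carrying a secret in its query string.
const LOGIN_URL =
  "https://blog.example/wp-login.php?action=rp&key=CONSTRUCTED-TOKEN&login=alice";

// Browsers drop credentials and the fragment before sending a referrer;
// with originOnly they send just scheme://host[:port]/.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  u.username = "";
  u.password = "";
  u.hash = "";
  return originOnly ? u.origin + "/" : u.href;
}

// Returns the Referer value sent for a request from fromUrl to toUrl,
// or null when no referrer is sent. Only four policies are modelled.
function computeReferrer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  // Simplified downgrade test: HTTPS page requesting a non-HTTPS URL.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";

  switch (policy) {
    case "no-referrer":
      return null;
    case "same-origin": // policy named in the ticket title
      return sameOrigin ? stripForReferrer(fromUrl, false) : null;
    case "strict-origin-when-cross-origin": // policy named in the commit
      if (sameOrigin) return stripForReferrer(fromUrl, false);
      return downgrade ? null : stripForReferrer(fromUrl, true);
    case "no-referrer-when-downgrade": // sends the full URL cross-origin
      return downgrade ? null : stripForReferrer(fromUrl, false);
    default:
      throw new Error("policy not modelled: " + policy);
  }
}

// Compare what a third-party host receives under each policy.
for (const policy of ["no-referrer-when-downgrade", "same-origin",
                      "strict-origin-when-cross-origin"]) {
  const sent = computeReferrer(policy, LOGIN_URL, "https://cdn.example/logo.png");
  console.log(policy.padEnd(34), "->", sent);
}
```
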

