[wp-trac] [WordPress Trac] #62273: Referrer-Policy header missing in login
WordPress Trac
noreply at wordpress.org
Tue Oct 22 01:22:56 UTC 2024
#62273: Referrer-Policy header missing in login
--------------------------+-----------------------------
Reporter: kkmuffme | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 4.9
Severity: critical | Keywords:
Focuses: |
--------------------------+-----------------------------
https://github.com/WordPress/wordpress-
develop/commit/bd6ee706d0f47e3be9b5dfb66982f82e9bfda580 from
https://core.trac.wordpress.org/ticket/42036
added the Referrer-Policy header on wp-admin and the login page.
However this does not (and from what I can see) has never worked on wp-
login.
It's hooked to `add_action( 'login_init', 'wp_admin_headers' );` but the
`wp_admin_headers` function is not loaded on the login page, as only gets
loaded in wp-admin.
@johnbillion
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62273>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list