[wp-trac] [WordPress Trac] #57809: Application password success_url should allow http when host is localhost or localhost:port
WordPress Trac
noreply at wordpress.org
Tue Mar 24 00:33:15 UTC 2026
#57809: Application password success_url should allow http when host is localhost
or localhost:port
--------------------------------------+------------------------------
Reporter: aquarius | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Application Passwords | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+------------------------------
Changes (by pento):
* keywords: dev-feedback has-patch has-unit-tests => has-patch has-unit-
tests
Comment:
With the proliferation of MCPs and such, allowing local LLM agents to
interact directly with remote APIs, I'm inclined to think it's time for
this fix to land.
Per the RFC, this is considered safe, since requests to the loopback
interface never leave the local machine, so aren't susceptible to network-
based sniffing.
I've updated the original patch concept to apply cleanly, and added unit
tests.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57809#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list