mirror of
https://github.com/WordPress/WordPress.git
synced 2024-09-28 07:07:38 +02:00
Security: Loosen the admin referrer policy header value to allow the referring host to be sent from the admin area in all cases.
This allows referrer-restricted content from third parties (such as images and fonts) to continue working in the admin area. Props aranwer104, qcmiao Fixes #43285 Merges [42830] to the 4.9 branch. Built from https://develop.svn.wordpress.org/branches/4.9@42831 git-svn-id: http://core.svn.wordpress.org/branches/4.9@42661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
7546fcc64a
commit
9b7814a4a1
@ -1099,15 +1099,17 @@ function wp_admin_canonical_url() {
|
||||
* @since 4.9.0
|
||||
*/
|
||||
function wp_admin_headers() {
|
||||
$policy = 'same-origin';
|
||||
$policy = 'strict-origin-when-cross-origin';
|
||||
|
||||
/**
|
||||
* Filters the admin referrer policy header value. Default 'same-origin'.
|
||||
* Filters the admin referrer policy header value.
|
||||
*
|
||||
* @since 4.9.0
|
||||
* @since 4.9.5 The default value was changed to 'strict-origin-when-cross-origin'.
|
||||
*
|
||||
* @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
|
||||
*
|
||||
* @param string $policy The referrer policy header value.
|
||||
* @param string $policy The admin referrer policy header value. Default 'strict-origin-when-cross-origin'.
|
||||
*/
|
||||
$policy = apply_filters( 'admin_referrer_policy', $policy );
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.9.5-alpha-42813';
|
||||
$wp_version = '4.9.5-alpha-42831';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
Loading…
Reference in New Issue
Block a user