WordPress.org

Make WordPress Core

Ticket #43285: changeset_41741.diff

File changeset_41741.diff, 1.5 KB (added by qcmiao, 22 months ago)
  • trunk/src/wp-admin/includes/admin-filters.php

     
    3939
    4040// Misc hooks.
     41add_action( 'admin_init', 'wp_admin_headers'         );
     42add_action( 'login_init', 'wp_admin_headers'         );
    4143add_action( 'admin_head', 'wp_admin_canonical_url'   );
    4244add_action( 'admin_head', 'wp_color_scheme_settings' );
  • trunk/src/wp-admin/includes/misc.php

     
    921921
    922922/**
     923 * Send a referrer policy header so referrers are not sent externally from administration screens.
     924 *
     925 * @since 4.9.0
     926 */
     927function wp_admin_headers() {
     928        $policy = 'same-origin';
     929
     930        /**
     931         * Filters the admin referrer policy header value. Default 'same-origin'.
     932         *
     933         * @since 4.9.0
     934         * @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
     935         *
     936         * @param string $policy The referrer policy header value.
     937         */
     938        $policy = apply_filters( 'admin_referrer_policy', $policy );
     939
     940        header( sprintf( 'Referrer-Policy: %s', $policy ) );
     941}
     942
     943/**
    923944 * Outputs JS that reloads the page if the user navigated to it with the Back or Forward button.
    924945 *