WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 4 months ago

#37709 new enhancement

Referrer on wp-cron API POST requests

Reported by: bucktothebang
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Cron API
Keywords: needs-patch
Focuses:
Cc:
PR Number:

Description

Please consider adding a referrer to wp-cron API POST requests.

The reason is that 100% of malicious POST requests do not use a referrer. 99.9999% of valid POST requests of course use a referrer. The only one that does not is the wp-cron API.

Yes, easy enough to alter a rule set to allow wp-cron to POST, or set up a manual cron. But I see no reason why a referrer cannot be added.

Thanks.

Change History (3)

#1 @swissspidy
3 years ago

  • Summary changed from Refferer on wp-cron API POST requests to Referrer on wp-cron API POST requests

#2 @swissspidy
3 years ago

  • Keywords needs-patch added
  • Version trunk deleted

Happy to look into this when I find some more time. A patch would make it easier to grasp.

#4 @peterwilsoncc
9 months ago

It's worth adding to the note above that wp_remote_post() now includes a UA string of 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ).

A custom UA string can be set by developers using the http_headers_useragent filter to modify it for all requests, or the cron_request filter to modify it for cron requests.
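
The request in this ticket can be met per site with the cron_request filter mentioned in comment #4. The following is an added example, not part of the ticket and not WordPress core code: the function name and the "; wp-cron" User-Agent suffix are hypothetical, and the sample array at the bottom is constructed to mirror what spawn_cron() passes to the filter.

```php
<?php
// Added example, not WordPress core code. Function name and the "; wp-cron"
// User-Agent suffix are hypothetical. Intended for wp-content/mu-plugins/.
function example_cron_request_headers( $cron_request ) {
    $args    = isset( $cron_request['args'] ) ? $cron_request['args'] : array();
    $headers = isset( $args['headers'] ) ? $args['headers'] : array();
    if ( ! is_array( $args ) || ! is_array( $headers ) ) {
        return $cron_request; // Unexpected shape or raw header string: leave untouched.
    }

    // Header names are case-insensitive; keep a Referer another plugin already set.
    if ( ! in_array( 'referer', array_map( 'strtolower', array_keys( $headers ) ), true ) ) {
        if ( function_exists( 'home_url' ) ) {
            $headers['Referer'] = home_url( '/' );
        } else {
            // Outside WordPress (demo run): derive the origin from the request URL.
            $parts              = parse_url( $cron_request['url'] );
            $headers['Referer'] = $parts['scheme'] . '://' . $parts['host'] . '/';
        }
    }
    $args['headers'] = $headers;

    // Tag the default User-Agent quoted in comment #4 so a rule can match both fields.
    if ( empty( $args['user-agent'] ) && function_exists( 'get_bloginfo' ) ) {
        $args['user-agent'] = 'WordPress/' . get_bloginfo( 'version' ) . '; '
            . get_bloginfo( 'url' ) . '; wp-cron';
    }

    $cron_request['args'] = $args;
    return $cron_request;
}

if ( function_exists( 'add_filter' ) ) {
    add_filter( 'cron_request', 'example_cron_request_headers' );
} else {
    // Constructed sample shaped like the array spawn_cron() passes to the filter.
    $sample = array(
        'url'  => 'https://example.test/wp-cron.php?doing_wp_cron=1700000000.1234',
        'key'  => '1700000000.1234',
        'args' => array( 'timeout' => 0.01, 'blocking' => false, 'sslverify' => false ),
    );
    print_r( example_cron_request_headers( $sample ) );
}
```

Both Referer and User-Agent are supplied by the client, so a rule keyed on them reduces noise from unsophisticated POST traffic but does not authenticate the cron request.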
