Make WordPress Core

Opened 8 years ago

Closed 4 years ago

#37709 closed enhancement (fixed)

Referrer on wp-cron API POST requests

Reported by: bucktothebang Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Cron API Keywords: needs-patch
Focuses: Cc:

Description

Please consider adding a referrer to wp-cron API POST requests.

The reason is that 100% of malicious POST requests do not use a referrer. 99.9999% of valid POST requests of course use a referrer. The only one that does not is the wp-cron API.

Yes, it is easy enough to alter a rule set to allow wp-cron to POST, or set up a manual cron. But I see no reason why a referrer cannot be added.

Thanks.

Change History (4)

#1 @swissspidy
8 years ago

  • Summary changed from Refferer on wp-cron API POST requests to Referrer on wp-cron API POST requests

#2 @swissspidy
8 years ago

  • Keywords needs-patch added
  • Version trunk deleted

Happy to look into this when I find some more time. A patch would make it easier to grasp.

#4 @peterwilsoncc
5 years ago

It's worth adding to the note above that wp_remote_post() now includes a UA string of 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ).

A custom UA string can be set by developers using the http_headers_useragent filter to modify it for all requests, or the cron_request filter to modify it for cron requests.

#5 @peterwilsoncc
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to fixed
  • Status changed from new to closed

I'm going to close this as WP includes a referrer on all requests.

I'm not sure if this has changed since this ticket was opened but will presume it is the case and close this fixed.
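
The rule the reporter describes (reject POSTs that carry no referrer), with a wp-cron exception keyed on the default user agent quoted in comment #4, as an added example that is not code from this ticket or from WordPress. It assumes Combined Log Format; the site URL, the trusted source address and the log lines are constructed for illustration.

```python
import re

# Combined Log Format (assumed):
# ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Default user agent quoted in comment #4: WordPress/<version>; <site url>
WP_UA_RE = re.compile(r'^WordPress/[\w.\-]+; (?P<url>https?://\S+)$')


def classify(line, site_url, trusted_sources):
    """Return 'allow', 'allow-cron', 'block' or 'unparsed' for one log line."""
    m = LOG_RE.match(line)
    if m is None:
        return "unparsed"
    if m["method"] != "POST" or m["referer"] not in ("", "-"):
        return "allow"  # the rule only concerns POSTs without a referrer
    ua = WP_UA_RE.match(m["ua"])
    is_cron = m["path"].split("?", 1)[0].endswith("/wp-cron.php")
    # The user agent is client-supplied, so it is accepted only together with
    # a source address the site itself sends its cron requests from.
    if (is_cron and ua is not None
            and ua["url"].rstrip("/") == site_url.rstrip("/")
            and m["ip"] in trusted_sources):
        return "allow-cron"
    return "block"


def triage(lines, site_url, trusted_sources):
    """Classify every line; returns a list of (verdict, line) pairs."""
    return [(classify(l, site_url, trusted_sources), l) for l in lines]


# Constructed values for illustration (not taken from the ticket).
SITE_URL = "https://example.org"
TRUSTED_SOURCES = {"192.0.2.5"}
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-cron.php?doing_wp_cron=1704103200.12 HTTP/1.1" 200 0 "-" "WordPress/6.4.2; https://example.org"',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-cron.php?doing_wp_cron=1704103201.34 HTTP/1.1" 200 0 "-" "WordPress/6.4.2; https://example.org"',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "https://example.org/hello/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, line in triage(SAMPLE_LOG, SITE_URL, TRUSTED_SOURCES):
        print(f"{verdict:10} {line[:70]}")
```

The second sample line carries the same path and user agent as the first but comes from an address outside the trusted set, so it is blocked.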
