WordPress.org

Make WordPress Core

Opened 4 weeks ago

Closed 4 weeks ago

Last modified 4 weeks ago

#43843 closed defect (bug) (fixed)

Set nocache_headers in wp-signup.php

Reported by: herregroen Owned by: SergeyBiryukov
Milestone: 4.9.6 Priority: normal
Severity: normal Version: trunk
Component: Login and Registration Keywords: has-patch
Focuses: multisite Cc:

Description

Currently no cache headers are being set on wp-signup.php.

This can lead to nonces being cached and still being served even when they've become invalid.

nocache_headers(); should be called in this file.

Attachments (1)

signup_cache_headers.patch (459 bytes) - added by herregroen 4 weeks ago.

Download all attachments as: .zip

Change History (4)

#1 @SergeyBiryukov
4 weeks ago

  • Milestone changed from Awaiting Review to 4.9.6
  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

#2 @SergeyBiryukov
4 weeks ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 43030:

Login and Registration: Send nocache_headers() on Multisite signup pages.

Props herregroen.
Fixes #43843.

#3 @SergeyBiryukov
4 weeks ago

In 43031:

Login and Registration: Send nocache_headers() on Multisite signup pages.

Props herregroen.
Merges [43030] to the 4.9 branch.
Fixes #43843.

Note: See TracTickets for help on using tickets.