#46025 closed defect (bug) (fixed)
_json_wp_die_handler doesn't handle JSONP request
Reported by: | spacedmonkey | Owned by: | spacedmonkey |
---|---|---|---|
Milestone: | 5.2 | Priority: | normal |
Severity: | normal | Version: | 5.1 |
Component: | Site Health | Keywords: | has-patch needs-testing servehappy |
Focuses: | multisite | Cc: |
Description
Originally raised in #45933, but the new wp_die handler _json_wp_die_handler doesn't support JSONP requests and returns an invalid response. The REST API supports returning JSONP responses; this handler should too.
Attachments (4)
Change History (28)
This ticket was mentioned in Slack in #core-php by spacedmonkey. View the logs.
6 years ago
This ticket was mentioned in Slack in #core-php by flixos90. View the logs.
6 years ago
#6
@
6 years ago
Added another handler for JSONP. Also added another function, wp_is_jsonp_request.
Can you review please, @flixos90?
#10
@
6 years ago
The REST API also sends an X-Content-Type-Options: nosniff header which is accompanied by this doc:
/*
 * Mitigate possible JSONP Flash attacks.
 *
 * https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
 */
Seems this should also be sent in this handler.
#11
@
6 years ago
After feedback from @timothyblynjacobs I have added the following lines to add extra headers.
header( 'X-Content-Type-Options: nosniff' );
header( 'X-Robots-Tag: noindex' );
One fixes a CORS issue and one is SEO-related.
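The handler behaviour discussed in this ticket, as an added example that is not part of the ticket, its patches, or WordPress core: it validates the callback, sends the two headers mentioned above, and falls back to plain JSON when the callback is missing or malformed. Function names are hypothetical, and the `_jsonp` parameter name is assumed to match the REST API's.

```php
<?php
// Added example, not WordPress core code; all function names are hypothetical.

// Accept only identifier-style callbacks (word characters and dots) so the
// callback parameter cannot inject script or markup into the response.
function example_is_valid_jsonp_callback( $callback ) {
	return is_string( $callback ) && 1 === preg_match( '/^[\w.]+\z/', $callback );
}

// Build status, headers and body for an error response: JSONP when a valid
// callback is supplied, plain JSON otherwise.
function example_build_die_response( $message, $status, array $query ) {
	$headers = array(
		'X-Content-Type-Options: nosniff', // browser must honour the declared type
		'X-Robots-Tag: noindex',
	);
	$flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

	// Assumption: the callback arrives in "_jsonp", as in the REST API.
	$callback = isset( $query['_jsonp'] ) ? $query['_jsonp'] : null;
	if ( null !== $callback && ! example_is_valid_jsonp_callback( $callback ) ) {
		// Never echo a rejected callback; answer with plain JSON instead.
		$status   = 400;
		$message  = 'Invalid JSONP callback function.';
		$callback = null;
	}

	$json = json_encode( array( 'code' => $status, 'message' => $message ), $flags );
	if ( null === $callback ) {
		$headers[] = 'Content-Type: application/json; charset=utf-8';
		return array( 'status' => $status, 'headers' => $headers, 'body' => $json );
	}

	$headers[] = 'Content-Type: application/javascript; charset=utf-8';
	// The leading empty comment keeps the body from starting with
	// caller-controlled bytes.
	$body = '/**/' . $callback . '(' . $json . ')';
	return array( 'status' => $status, 'headers' => $headers, 'body' => $body );
}

// Constructed sample requests: no callback, a valid one, a malformed one.
foreach ( array( array(), array( '_jsonp' => 'app.onError' ), array( '_jsonp' => 'a b' ) ) as $query ) {
	$response = example_build_die_response( 'Something went wrong.', 500, $query );
	echo $response['status'], ' ', end( $response['headers'] ), "\n", $response['body'], "\n\n";
}
```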
#15
@
6 years ago
- Milestone 5.3 deleted
- Resolution set to invalid
- Status changed from assigned to closed
This ticket is based on the old fatal error recovery mode implementation and will be covered as part of #46130.
#17
@
6 years ago
- Resolution invalid deleted
- Status changed from closed to reopened
Re-opened as still valid and should be another ticket than #46130.
Related: #45933