Opened 6 years ago
Last modified 6 years ago
#47170 new defect (bug)
wp_sensitive_page_meta breaks login on iPad devices
Reported by: | madhazelnut | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | major | Version: | 5.0 |
Component: | Login and Registration | Keywords: | |
Focuses: | Cc: |
Description
iPad Safari will throw a
Failed to set referrer policy: The value 'strict-origin-when-cross-origin' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'.
on wp-login.php page because it does not understand strict-origin-when-cross-origin value for the referer policy.
This effectively breaks the login completely at least on nginx sites.
Present starting with 4.9.10 (5.0.0 if chronologically).
Change History (3)
#2
@
6 years ago
Rectification about the severity: it happens to completely break login when nginx is configured with mod_sec or anything else that blocks access to wp-login.php without a referrer string. Outside those cases it will just throw a browser console error, but the login will continue to function.
#3
@
6 years ago
Haven't tested to confirm, but may see that error in Edge, IE and iOS Safari based on browser support for that directive: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#Browser_compatibility
Introduced in [44021].