Opened 13 months ago
Closed 12 months ago
#59987 closed defect (bug) (fixed)
Add port number to target origin in postMessage calls after plugin updates from within the update iframe
Reported by: | TobiasBg | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 6.5 | Priority: | normal |
Severity: | normal | Version: | 3.9 |
Component: | Upgrade/Install | Keywords: | has-patch |
Focuses: | administration | Cc: |
Description
While doing plugin updates on a local dev site at http://localhost:8001/ (note the non-standard port number) on /wp-admin/update-core.php
, I noticed that the update counter bubble in the admin sidebar does not decrease after a successful update.
Instead, when the iframe in which the updates are running wants to notify the parent (the main window), the browser error log console shows
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('http://localhost') does not match the recipient window's origin ('http://localhost:8001').
The cause for this is the missing port number in the postMessage
call, causing a same-origin policy violation (protocol, host, and port number have to match).
This call is in https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-upgrader-skin.php#L243, added in [27280] for #17703 and extended/moved in [29357] for #29054.
The attached patch adds the missing port number, if one is set.
(Pinging @ocean90 as the committer of [29357], as he has touched this code before, and in case he has objections.)
Add missing port number to postMessage call.