Make WordPress Core

Opened 6 weeks ago

Last modified 6 weeks ago

#62273 new defect (bug)

Referrer-Policy header missing in login

Reported by: kkmuffme's profile kkmuffme Owned by:
Milestone: 6.8 Priority: normal
Severity: normal Version: 4.9
Component: Login and Registration Keywords: needs-patch
Focuses: Cc:

Description (last modified by SergeyBiryukov)

[41741] from #42036 added the Referrer-Policy header on wp-admin and the login page.

However this does not (and from what I can see) has never worked on wp-login.
It's hooked to add_action( 'login_init', 'wp_admin_headers' ); but the wp_admin_headers function is not loaded on the login page, as only gets loaded in wp-admin.

@johnbillion

Change History (2)

#1 @SergeyBiryukov
6 weeks ago

  • Description modified (diff)
  • Milestone changed from Awaiting Review to 6.8

#2 @johnbillion
6 weeks ago

  • Component changed from Security to Login and Registration
  • Keywords needs-patch added
  • Severity changed from critical to normal

I concur that it looks like this has never worked on the login screen because admin-filters.php isn't loaded there and the wp_admin_headers() function isn't loaded there either.

Note: See TracTickets for help on using tickets.