Opened 5 months ago
#63940 new defect (bug)
Prevent POST flood cache bypass attacks
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 6.8.2 |
| Component: | Security | Keywords: | |
| Focuses: | Cc: |
Description
When a POST request is sent to a regular page with no data/body, a 200 response containing the page content is returned just like with a GET request.
We have seen such requests being used to bypass our caching system.
Would it be possible for WP to return 405 when a page isn’t supposed to receive POST requests?
Note: See
TracTickets for help on using
tickets.