John Blackbourn bd6ee706d0 Security: Add a referrer policy header to the admin and login screens.
This sets a referrer policy of `same-origin` which adds hardening by preventing a referrer being sent from the admin area or login screens to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within URLs.

This change introduces a new filter, `admin_referrer_policy`, for filtering the referrer policy header value. The header can be disabled if necessary by removing the `wp_admin_headers` action from the `admin_init` and `login_init` hooks.

Props joostdevalk
Fixes #42036


git-svn-id: https://develop.svn.wordpress.org/trunk@41741 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-04 18:24:17 +00:00
src Security: Add a referrer policy header to the admin and login screens. 2017-10-04 18:24:17 +00:00
tests REST API: Return 409 status when attempting to create an existing term. 2017-10-04 16:23:33 +00:00
tools/i18n DOCS: Replace HTTP links with HTTPS. 2016-06-10 04:49:09 +00:00
.editorconfig Use HTTPS URLs for codex.wordpress.org. 2015-04-12 21:28:58 +00:00
.gitignore Embeds: Add oEmbed support for someecards.com. 2017-10-02 19:09:46 +00:00
.jshintrc Build/Test Tools: After [29858], update .jsintrc to use spaces, not tabs. 2017-01-13 04:44:53 +00:00
.travis.yml Build/Test tools: Use the latest in the 4.x and 6.x branches of PHPUnit when running tests on Travis. 2017-08-22 16:08:33 +00:00
Gruntfile.js Tools: enable Grunt precommit task to run without requiring SVN or GIT. 2017-10-03 15:19:23 +00:00
jsdoc.conf.json Docs: Add jsdoc.conf.json JSDOC configuration file. 2017-09-11 13:13:40 +00:00
package.json Docs: JSDoc improvements for namespaces. 2017-09-08 18:41:20 +00:00
phpunit.xml.dist Tests: Rename ignored tests in phpunit.xml.dist. 2017-08-18 10:26:50 +00:00
wp-cli.yml Remove debug mode from WP-CLI by default, as it now outputs too much debugging information to be of use during normal development. 2015-11-28 18:36:06 +00:00
wp-config-sample.php Lightly clean up and improve inline documentation in wp-config-sample.php. 2015-05-10 00:05:30 +00:00
wp-tests-config-sample.php General: Improve terminology used when referring to installations of WordPress and its extensions. 2017-08-22 11:51:11 +00:00