Skip to content

Refactor: add redirect support if referrer is missing #8220

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 8 commits into from
Closed

Refactor: add redirect support if referrer is missing #8220

wants to merge 8 commits into from

Conversation

@yogeshbhutkar
Copy link

@yogeshbhutkar yogeshbhutkar commented Jan 30, 2025
edited
Loading

Trac ticket: https://core.trac.wordpress.org/ticket/62881

Description

Adds a hidden redirect_to field to the password protection form to ensure proper redirection when Referrer-Policy is set to 'no-referrer'. This fixes the issue where users would see a white screen or get redirected to the homepage after entering a correct password.

Previously, the redirect relied solely on wp_get_referer() which fails when:

  • Referrer-Policy is set to 'no-referrer'
  • Direct URL access is used
  • Coming from external domains

Testing Instructions

Tip

Nginx users can add add_header Referrer-Policy "no-referrer"; to set the referrer policy.

  1. Create a password-protected post
  2. Set Referrer-Policy to 'no-referrer' in your server config
  3. Visit the protected post
  4. Enter the correct password
  5. Verify you're redirected back to the post

Screencasts

Before After
before after

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

@github-actions
Copy link

github-actions bot commented Jan 30, 2025
edited
Loading

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props yogeshbhutkar, hbhalodia, mukesh27.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

hbhalodia
hbhalodia suggested changes Jan 30, 2025
View reviewed changes
Copy link

@hbhalodia hbhalodia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @yogeshbhutkar, Can you please review the unrelated changes on this PR?

Thank You,

@yogeshbhutkar yogeshbhutkar marked this pull request as draft January 30, 2025 05:07
@github-actions
Copy link

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

  • The Plugin and Theme Directories cannot be accessed within Playground.
  • All changes will be lost when closing a tab with a Playground instance.
  • All changes will be lost when refreshing the page.
  • A fresh instance is created each time the link below is clicked.
  • Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
    it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

mukeshpanchal27
mukeshpanchal27 reviewed Jan 30, 2025
View reviewed changes
@yogeshbhutkar yogeshbhutkar marked this pull request as ready for review January 30, 2025 06:50
hbhalodia
hbhalodia approved these changes Jan 30, 2025
View reviewed changes
Copy link

@hbhalodia hbhalodia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

mukeshpanchal27
mukeshpanchal27 suggested changes Jan 30, 2025
View reviewed changes
mukeshpanchal27
mukeshpanchal27 reviewed Jan 31, 2025
View reviewed changes
src/wp-includes/post-template.php Outdated
}

$output = '<form action="' . esc_url( site_url( 'wp-login.php?action=postpass', 'login_post' ) ) . '" class="post-password-form' . $class . '" method="post">' . $invalid_password_html . '
$redirect_field = '';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move these variable above at line no.1783

@github-actions
Copy link

github-actions bot commented Feb 3, 2025

A commit was made that fixes the Trac ticket referenced in the description of this pull request.

SVN changeset: 59753
GitHub commit: 8711aa5

This PR will be closed, but please confirm the accuracy of this and reopen if there is more work to be done.

@github-actions github-actions bot closed this Feb 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@johnbillion johnbillion johnbillion approved these changes

@mukeshpanchal27 mukeshpanchal27 Awaiting requested review from mukeshpanchal27

+1 more reviewer

@hbhalodia hbhalodia hbhalodia approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@yogeshbhutkar @johnbillion @mukeshpanchal27 @hbhalodia