Security: Add a referrer policy header to the admin and login screens.

This sets a referrer policy of `same-origin` which adds hardening by preventing a referrer being sent from the admin area or login screens to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within URLs. This change introduces a new filter, `admin_referrer_policy`, for filtering the referrer policy header value. The header can be disabled if necessary by removing the `wp_admin_headers` action from the `admin_init` and `login_init` hooks. Props joostdevalk Fixes #42036 Built from https://develop.svn.wordpress.org/trunk@41741 git-svn-id: http://core.svn.wordpress.org/trunk@41575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 18:25:46 +00:00
parent c03b283f37
commit fbd44ee554
3 changed files with 24 additions and 1 deletions
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.9-alpha-41740';
+$wp_version = '4.9-alpha-41741';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.