Opened 8 years ago
Closed 4 years ago
#37709 closed enhancement (fixed)
Referrer on wp-cron API POST requests
Reported by: | bucktothebang | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Cron API | Keywords: | needs-patch |
Focuses: | Cc: |
Description
Please consider adding a referrer to wp-cron API POST requests.
Reason being is that 100% of malicious POST requests do not use a referrer. 99.9999% of valid POST requests of course use a referrer. The only one being wp-cron api that does not.
Yes, easy enough to alter a rule set to allow wp-cron to POST, or setup a manual cron. But I see no reason why a referrer cannot be added.
Thanks.
Change History (4)
#1
@
8 years ago
- Summary changed from Refferer on wp-cron API POST requests to Referrer on wp-cron API POST requests
#4
@
6 years ago
It's worth adding to the note above that wp_remote_post()
now includes a UA string of 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' )
.
A custom UA string can be set by developers using the http_headers_useragent
filter to modify it for all requests, or the cron_request
filter to modify it for cron requests.
Happy to look into this when I find some more time. A patch would make it easier to grasp.