Issues with strict MIME type checking enabled

Resolved

(@ivanblagdan)

When the header “X-Content-Type-Options: nosniff” is supplied, the remote JS login functionality fails because the response from the load action is transferred as text/html.
The response should be transferred as “application/javascript” by setting the proper headers prior to output.

Here’s the diff:

diff --git a/wordpress-mu-domain-mapping/domain_mapping.php b/wordpress-mu-domain-mapping/domain_mapping.php
index 2241b15..6fa06c9 100644
--- a/wordpress-mu-domain-mapping/domain_mapping.php
+++ b/wordpress-mu-domain-mapping/domain_mapping.php
@@ -736,6 +736,7 @@ function remote_login_js() {
      $key = md5( time() . mt_rand() );
      $wpdb->query( $wpdb->prepare( "INSERT INTO {$wpdb->dmtablelogins} ( <code>id</code>, <code>user_id</code>, <code>blog_id</code>, <code>t</code> ) VALUES( %s, %d, %d, NOW() )", $key, $current_user->ID, $_GET[ 'blogid' ] ) );
      $url = add_query_arg( array( 'action' => 'login', 'dm' => $hash, 'k' => $key, 't' => mt_rand() ), $_GET[ 'back' ] );
+     header('Content-Type: application/javascript');
      echo "window.location = '$url'";
      exit;
    } elseif ( $_GET[ 'action' ] == 'login' ) {

https://wordpress.org/plugins/wordpress-mu-domain-mapping/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Ron Rennick
(@wpmuguru)

9 years ago

Thanks – https://plugins.trac.wordpress.org/changeset/1144042/wordpress-mu-domain-mapping

Thread Starter ivanblagdan
(@ivanblagdan)

9 years ago

Thank you for the plugin 😀

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Issues with strict MIME type checking enabled’ is closed to new replies.

Tags