Support » Plugin: Security Headers » Quoting bugs

  • Hello, there is a little bug in the plugin.

    In referrer policy, values are extra quoted.

    For example, in Chrome it says:

    Failed to set referrer policy: The value '"origin"' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', or 'unsafe-url'. The referrer policy has been left unchanged.

    The solution probably is to replace this:

    return $htaccess ? 'Referrer-Policy "'.$policy.'"' : 'Referrer-Policy: "'.$policy.'"';

    by this:

    return $htaccess ? 'Referrer-Policy '.$policy : 'Referrer-Policy: '.$policy;

    in the core/objects/core.headers.php file.

    HTTP header values should not be quoted, i.e. the latter one is correct. I think the first might not be understood.

    strict-transport-security: "max-age=31536000"
    strict-transport-security: max-age=31536000

    Also, how about adding a "preload" option for the "strict-transport-security" header?

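
A small header linter for the quoting problem reported above, written in Python as an added example; it is not part of the original thread or of the plugin's code. The function names and sample values are constructed for illustration, the policy tokens are the ones listed in the Chrome message quoted in the post, and the preload check reflects the hstspreload.org submission requirements.

```python
# Tokens copied from the Chrome error message quoted in the post.
REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin",
    "same-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url",
}

def wrapped_in_quotes(value):
    v = value.strip()
    return len(v) >= 2 and v[0] == '"' and v[-1] == '"'

def check_referrer_policy(value):
    if wrapped_in_quotes(value):
        return ["whole value is wrapped in double quotes"]
    # Comma-separated fallback lists are accepted; lowercasing is this example's choice.
    tokens = [t.strip().lower() for t in value.split(",") if t.strip()]
    if not tokens:
        return ["empty value"]
    return ["unknown policy token %r" % t for t in tokens if t not in REFERRER_POLICIES]

def check_hsts(value):
    if wrapped_in_quotes(value):
        return ["whole value is wrapped in double quotes"]
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.strip():
            directives[name.strip().lower()] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return ["max-age is missing or not a number"]
    # hstspreload.org: preload needs max-age of at least one year and includeSubDomains.
    if "preload" in directives and (
            int(max_age) < 31536000 or "includesubdomains" not in directives):
        return ["preload set without max-age >= 31536000 and includeSubDomains"]
    return []

CHECKS = {"referrer-policy": check_referrer_policy,
          "strict-transport-security": check_hsts}

def audit(headers):
    """headers: (name, value) pairs as received in a response."""
    return {n.lower(): CHECKS[n.lower()](v) for n, v in headers if n.lower() in CHECKS}

# Constructed samples: the quoted values shown in the post, then the unquoted ones.
BROKEN = [("Referrer-Policy", '"origin"'), ("Strict-Transport-Security", '"max-age=31536000"')]
FIXED = [("Referrer-Policy", "origin"), ("Strict-Transport-Security", "max-age=31536000")]

if __name__ == "__main__":
    for sample in (BROKEN, FIXED):
        print(audit(sample))
```

Feed `audit()` the headers as the client receives them, since that is the form the browser parses regardless of how the server configuration was written.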