Perhaps some plugin is messing with the redirection?
If you install https://wordpress.org/plugins/health-check/ then you could use its troubleshooting functionality to test if the same behavior disappears when most plugins are disabled. The good thing is that the plugins you disable for this troubleshooting will be disabled only in your session and not for other visitors to the site.
This should allow you to figure out which culprit is the culprit. (I’d start by trying plugins that in various ways change how the admin interface behaves.)
Hi @tobifjellner,
Thanks for your answer. It made me think about what I should have done from the start. Check all plugins one by one and after finding the culprit, checking all the code that is in there.
Where things go wrong is here:
In the action hook send_headers I do:
$rp = 'origin';
header("Referrer-Policy: " . $rp );
This is causing the problems.
If I specify ‘no-referrer’ things are alright. Leaving this header out altogether is also OK.
The only problem I now have is why this is working out as it does. Anybody here that knows why?
For now I’ll see what other options are there that fit what I want and that work out nicely while deleting posts.
Thanks so far.
Perhaps you could omit this thing when is_admin is set?
That sounds like a great idea.
It does leave me with the uneasy feeling that things go wrong in certain conditions, and I don’t know why.
So, if someone knows more about this, feel free to post it here. If nothing new comes up in the coming days, I’ll close this thread.
Thanks @tobifjellner!
Hehe. You can can mark it as resolved. But in order to close it, you’d need to be a moderator 🙂
As I understand https://web.dev/same-site-same-origin/#origin the “origin” parameter means that the referrer field from the browser will ONLY include the base URL of your site. So when this action is received and handled, if the handler forwards to whatever URL was in the “referer” field, then you’ll end up on the public side of your site.
Thanks @tobifjellner. I’ll set this to resolved for now. I need to do a little more digging. I am wondering why the delete function forwards to the referrer field (as it seems to do), but I’ll let that problem simmer for a while. Got other things to do now. And I can go on, at least for now…
Thanks!
🙂