Closed. This question is off-topic. It is not currently accepting answers.admin管理员组文章数量:1201414
Your question should be specific to WordPress. Generic PHP/JS/SQL/HTML/CSS questions might be better asked at Stack Overflow or another appropriate Stack Exchange network site. Third-party plugins and themes are off-topic for this site; they are better asked about at their developers' support routes.
Closed 2 years ago.
Improve this questionNot very familiar with WordPress so I'm not sure what's causing this.
Essentially, we have a few image assets stored under wp-content. When we access some assets (i.e. cmssubdomain.apex/wp-content/image.png) we are getting some peculiar behavior around the Referer request header:
- It works if accessed without the Referer header
- It works if accessed with the Referer header as long as the value matches the cms subdomain
- It fails once the Referer header is set to a value different than the subdomain
This is a problem for us as our CMS is hosted under a subdomain (i.e. subdomain1.apex), whereas our main site also acts as a proxy to serve CMS content as a path under the main site (i.e. www.apex/subdomain1/cmspaths).
Now, the browser sets the referer header, and we are getting 404/500 on images if they are viewed through the main site (proxied content from CMS).
Is handling of Referer header a default WordPress behavior, or is it due to some plugin (security? cors?) that was installed? Can anyone point to where valid domains can be whitelisted?
Closed. This question is off-topic. It is not currently accepting answers.Your question should be specific to WordPress. Generic PHP/JS/SQL/HTML/CSS questions might be better asked at Stack Overflow or another appropriate Stack Exchange network site. Third-party plugins and themes are off-topic for this site; they are better asked about at their developers' support routes.
Closed 2 years ago.
Improve this questionNot very familiar with WordPress so I'm not sure what's causing this.
Essentially, we have a few image assets stored under wp-content. When we access some assets (i.e. cmssubdomain.apex.com/wp-content/image.png) we are getting some peculiar behavior around the Referer request header:
- It works if accessed without the Referer header
- It works if accessed with the Referer header as long as the value matches the cms subdomain
- It fails once the Referer header is set to a value different than the subdomain
This is a problem for us as our CMS is hosted under a subdomain (i.e. subdomain1.apex.com), whereas our main site also acts as a proxy to serve CMS content as a path under the main site (i.e. www.apex.com/subdomain1/cmspaths).
Now, the browser sets the referer header, and we are getting 404/500 on images if they are viewed through the main site (proxied content from CMS).
Is handling of Referer header a default WordPress behavior, or is it due to some plugin (security? cors?) that was installed? Can anyone point to where valid domains can be whitelisted?
Share Improve this question asked Apr 28, 2022 at 12:10 AnimaSolaAnimaSola 1131 silver badge4 bronze badges1 Answer
Reset to default 1It has nothing to do with WordPress. Your server is configured to refuse access from other domains. All you need to enable CORS Origin.
This will allow request from other domains. But it will decrease security. You might want to change the * (allow all) to your sub domain. Just put it in your .htaccess file.
<IfModule mod_headers.c>
<FilesMatch "\.(jpg|png|gif)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
本文标签: security404500 error on content images if Referer header is from another domain
版权声明:本文标题:security - 404500 error on content images if Referer header is from another domain 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1738608956a2102519.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论