Return to previous page

SECURITY: UNSAFE CROSS ORIGIN LINKS – CORS POLICY IMPLEMENTATION

This topic has 4 replies, 2 voices, and was last updated 3 months, 4 weeks ago ago by Luca Rossi

khurram virk

Participant

December 10, 2024 at 08:27
dear sir

good day to you!

hope you will be fine, please help us to apply CORS policy.

We got the following code from gemini, please check is it ok?

Using a Code Snippet:

Add the following code to your theme’s functions.php file:

function add_noopener_to_links() { $pattern = '/<a[^>]*target="_blank"[^>]*>/i'; $replacement = '<a$0 rel="noopener">'; $content = ob_get_clean(); $content = preg_replace($pattern, $replacement, $content); ob_start(); echo $content; } add_action('template_redirect', 'add_noopener_to_links');
#427020 Copied Theme version: 9.4.5
3 Answers

Luca Rossi

Support staff

December 10, 2024 at 09:05

Dear @Khurram Virk,

We hope this message finds you well.

Could you kindly clarify your request? Are you looking to have all the target="_blank" attributes removed from the links?

We would greatly appreciate your guidance to better understand what you aim to achieve.

Thank you for your time and assistance.

Best regards,
The 8Theme Team

#427033 Copied

khurram virk

Participant

December 10, 2024 at 10:45

dear sir

greetings!

we have following from screaming frog , there are 503 URLs
https://snipboard.io/fg3dsj.jpg

Description
URLs that link to external websites using the target=”_blank” attribute (to open in a new tab), without using rel=”noopener” (or rel=”noreferrer”) at the same time. Using target=”_blank” alone leaves those pages exposed to both security and performance issues for some legacy browsers, which are estimated to be below 5% of market share. Setting target=”_blank” on elements implicitly provides the same rel behavior as setting rel=”noopener” which does not set window.opener for most modern browsers, such as Chrome, Safari, Firefox and Edge. The external links that contain the target=”_blank” attribute by itself can be viewed in the ‘outlinks’ tab and ‘target’ column. They can be exported alongside the pages they are linked from via ‘Bulk Export > Security > Unsafe Cross-Origin Links’.

How To Fix
Consider the benefits of including the rel=”noopener” link attribute on any links that contain the target=”_blank” attribute to avoid security and performance issues for the users of legacy browsers that may visit the website.

#427055 Copied

Luca Rossi

Support staff

December 11, 2024 at 04:50

Dear @Khurram Virk,

We hope this message finds you well.

After reviewing the matter, we believe that the custom codes may not be necessary. When links are inserted through the editor or when HTML codes are copied, the rel=”noopener” attribute is automatically added, as demonstrated in the following screenshot:

https://prnt.sc/smXg6io9fO3z

Please let us know if you have any further questions or require additional clarification.

Best regards,
The 8Theme Team

#427153 Copied
Viewing 4 results - 1 through 4 (of 4 total)