YahnisElsts / plugin-update-checker

A custom update checker for WordPress plugins. Useful if you don't want to host your project in the official WP repository, but would still like it to support automatic updates. Despite the name, it also works with themes.
MIT License

Missing referer when updating plugin #570

Closed manu225 closed 4 months ago

manu225 commented 4 months ago

Hi,

I don't know if this issue comes from plugin-update-checker or WordPress itself, but I didn't find any solution, so I'm posting here. I use a license manager on my WooCommerce site to sell pro plugins. The customer gets a license key for the plugin he bought, which is checked by a script I've made (and which binds the domain of the website to the license key). After that, when the customer tries to download an update of the plugin, the script just checks the license key and the domain before allowing the download. But I just realized that for a few months now the referer has always been empty on the call coming from the WordPress update page. So I can't check which domain the call comes from. I just updated to PUC v5.4 but the issue is still here (I tried both $_SERVER['HTTP_REFERER'] and the wp_get_referer() function, on 3 different hosts). So I have temporarily disabled this security measure, but it's useful for me to avoid multiple uses of 1 license. Does someone have a solution for this?

Thanks for reading!

manu225 commented 4 months ago

I just saw that you created this post specifically for license feedback: https://github.com/YahnisElsts/plugin-update-checker/issues/222 Tell me if you'd prefer that I post over there.

YahnisElsts commented 4 months ago

If you mean the download request that happens when the user installs an update, that's handled by WordPress core, not by PUC. The update checker just gives WordPress the download URL and other update information.

A comment in WP docs suggests that the Referer header isn't set by default: https://developer.wordpress.org/reference/functions/wp_remote_get/#comment-4098

I took a quick look at wp-includes/class-wp-http.php and it seems that the comment is correct: there are no mentions of referer or referrer anywhere in the file.

So if you want to set the referrer, you'll probably have to do it yourself. For example, you could try using the http_request_args filter to add the header to outgoing requests. Just be careful to do it only for your own URLs, not all requests.

manu225 commented 4 months ago

Thanks for your answer. So I suppose something was changed in WordPress core, because in the past the referer was always passed by default. I'll check the links and see if I can change that.

manu225 commented 4 months ago

It works with http_request_args :) I did something like this:

```php
// Add a Referer header, but only to requests sent to the license check script.
function add_referer_check_license($parsed_args, $url) {
    if (str_contains($url, 'https://my_url.xxxx/check.php')) {
        $parsed_args['headers']['referer'] = home_url();
    }
    return $parsed_args;
}
add_filter("http_request_args", "add_referer_check_license", 10, 2);
```
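
An added example (not code from this thread or from plugin-update-checker) of the server-side half of this setup: comparing the received Referer with the domain a license is bound to by exact host match rather than by substring. The function name, the `www.` folding rule and the sample domains are assumptions, and the header value is whatever the requesting site chooses to send.

```php
<?php
// Added example. referer_matches_bound_domain() is a hypothetical helper;
// in a real check script $referer would be $_SERVER['HTTP_REFERER'] ?? null.

/**
 * True when the Referer names exactly the domain the license is bound to.
 * Hosts are parsed and compared whole; substrings never match.
 */
function referer_matches_bound_domain(?string $referer, string $boundDomain): bool
{
    if ($referer === null || $referer === '') {
        return false; // WordPress sends no Referer unless a filter adds one
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false; // not an absolute URL, or unparsable
    }
    // Assumption: case, a trailing dot and a leading "www." are not significant.
    $normalize = static function (string $h): string {
        $h = strtolower(rtrim($h, '.'));
        return strncmp($h, 'www.', 4) === 0 ? substr($h, 4) : $h;
    };
    return $normalize($host) === $normalize($boundDomain);
}

// Constructed sample inputs: a license bound to "shop.example".
$samples = [
    'https://shop.example'                => true,  // what home_url() would send
    'https://WWW.Shop.Example/wp-admin/'  => true,
    'https://shop.example.other.test/'    => false, // a substring test would accept this
    'https://other.test/?site=shop.example' => false,
    'shop.example'                        => false, // no scheme, so no host component
    ''                                    => false,
];

foreach ($samples as $referer => $expected) {
    $allowed = referer_matches_bound_domain($referer, 'shop.example');
    printf("%-42s %s\n", $referer === '' ? '(empty)' : $referer, $allowed ? 'allow' : 'deny');
    if ($allowed !== $expected) {
        throw new RuntimeException("unexpected result for: $referer");
    }
}
```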