File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ Significance: patch
2+ Type: fixed
3+
4+ Send private, no-cache headers on the record preview so a caching layer cannot store a logged-in preview and show it to other visitors.
Original file line number Diff line number Diff line change @@ -77,6 +77,9 @@ public static function render(): void {
7777 }
7878
7979 if ( ! is_supported_post_type ( $ post ->post_type ) ) {
80+ // No-cache this exit too, so a fronting cache can't pin the 404
81+ // for a post type later added to the syncable allowlist.
82+ \nocache_headers ();
8083 \status_header ( 404 );
8184 exit ;
8285 }
@@ -273,6 +276,16 @@ private static function unsupported_type_error( array $types ): \WP_Error {
273276 * @param array|\WP_Error $payload Preview payload or error.
274277 */
275278 private static function send ( array |\WP_Error $ payload ): void {
279+ /*
280+ * The preview is served on a public front-end URL but carries
281+ * per-object, `edit_post`-gated data (the post's custom Bluesky
282+ * text, third-party preview-transformer output). Send no-cache
283+ * headers on every branch so a URL-keyed edge/page cache cannot
284+ * retain an authorized projection and replay it to a later
285+ * unauthorized visitor — mirroring the well-known handlers.
286+ */
287+ \nocache_headers ();
288+
276289 if ( \is_wp_error ( $ payload ) ) {
277290 \status_header ( 400 );
278291 $ payload = array (
You can’t perform that action at this time.
0 commit comments