Title: Quoting bug Last modified: December 16, 2019 --- # Quoting bug * Resolved [srtydrts](https://wordpress.org/support/users/srtydrts/) * (@srtydrts) * [6 years, 5 months ago](https://wordpress.org/support/topic/quoting-bug/) * Hello, * there is a little bug in the plugin. * 1) In referrer policy, values are extra quoted * For example in chrome it says: * `Failed to set referrer policy: The value ‘”origin”‘ is not one of ‘no-referrer’,‘ no-referrer-when-downgrade’, ‘origin’, ‘origin-when-cross-origin’, ‘same-origin’,‘ strict-origin’, ‘strict-origin-when-cross-origin’, or ‘unsafe-url’. The referrer policy has been left unchanged.` * The solution probably is to replace this: * `return $htaccess ? ‘Referrer-Policy “‘.$policy.'”‘ : ‘Referrer-Policy: “‘.$policy.'”‘;` * by this: * `return $htaccess ? ‘Referrer-Policy ‘.$policy : ‘Referrer-Policy: ‘.$policy;` * in core/objects/core.headers.php file * 2) http headers values should not be quoted as well. I. e. the latter one is correct. I think the first might not be understood by a web browsers: * ``` strict-transport-security: “max-age=31536000” strict-transport-security: max-age=31536000 ``` * 3) Also, how about adding “preload” option for “strict-transport-security” header? * thanks! Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Milan Petrovic](https://wordpress.org/support/users/gdragon/) * (@gdragon) * [6 years, 5 months ago](https://wordpress.org/support/topic/quoting-bug/#post-12268210) * Thabks for reporting, but I can’t reproduce the issue. I will test some more. * Thread Starter [srtydrts](https://wordpress.org/support/users/srtydrts/) * (@srtydrts) * [6 years, 5 months ago](https://wordpress.org/support/topic/quoting-bug/#post-12268969) * You don’t need to reproduce it – I wrote where exactly to fix it. Here is a diff of what I use: * ``` @@ -78,10 +78,10 @@ $max_age = gdsih_settings()->get('strict_transport_security_max_age', 'headers'); if (gdsih_settings()->get('strict_transport_security_extra', 'headers') == 'includeSubDomains') { - $max_age.= '; includeSubDomains'; + $max_age.= '; includeSubDomains; preload'; } - return $htaccess ? 'Strict-Transport-Security "max-age='.$max_age.'"' : 'Strict-Transport-Security: "max-age='.$max_age.'"'; + return $htaccess ? 'Strict-Transport-Security max-age='.$max_age.'' : 'Strict-Transport-Security: max-age='.$max_age.''; } private function _generate_referrer_policy($htaccess = false) { @@ -93,6 +93,6 @@ $policy = 'no-referrer-when-downgrade'; } - return $htaccess ? 'Referrer-Policy "'.$policy.'"' : 'Referrer-Policy: "'.$policy.'"'; + return $htaccess ? 'Referrer-Policy '.$policy.'' : 'Referrer-Policy: '.$policy.''; } } ``` * Anonymous User 15232381 * (@anonymized-15232381) * [6 years, 3 months ago](https://wordpress.org/support/topic/quoting-bug/#post-12417944) * Hi Milan, * Any progress on the quotes issue? * Best regards, Peter * Plugin Author [Milan Petrovic](https://wordpress.org/support/users/gdragon/) * (@gdragon) * [6 years ago](https://wordpress.org/support/topic/quoting-bug/#post-12804571) * Fixed in 1.3. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Quoting bug’ is closed to new replies. * ![](https://ps.w.org/gd-security-headers/assets/icon.svg?rev=2889275) * [GD Security Headers](https://wordpress.org/plugins/gd-security-headers/) * [Frequently Asked Questions](https://wordpress.org/plugins/gd-security-headers/#faq) * [Support Threads](https://wordpress.org/support/plugin/gd-security-headers/) * [Active Topics](https://wordpress.org/support/plugin/gd-security-headers/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/gd-security-headers/unresolved/) * [Reviews](https://wordpress.org/support/plugin/gd-security-headers/reviews/) * 4 replies * 3 participants * Last reply from: [Milan Petrovic](https://wordpress.org/support/users/gdragon/) * Last activity: [6 years ago](https://wordpress.org/support/topic/quoting-bug/#post-12804571) * Status: resolved