[wp-trac] [WordPress Trac] #21024: send_origin_headers for admin-ajax
WordPress Trac
wp-trac at lists.automattic.com
Wed Jun 20 14:27:16 UTC 2012
#21024: send_origin_headers for admin-ajax
-------------------------+------------------
Reporter: batmoo | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.5
Component: General | Version:
Severity: normal | Resolution:
Keywords: |
-------------------------+------------------
Comment (by nacin):
send_origin_headers() already sends `Access-Control-Allow-Credentials:
true` automatically, so that's easy.
In order to get around the check for `$_REQUEST['action']` we could detect
the OPTIONS request, or if just move the check to after wp-load.php and
send_origin_headers().
I wonder if send_origin_headers() should be issuing a die() if the request
method is OPTIONS. Otherwise, I'm pretty sure, we risk executing a request
twice. Not a big issue when dealing with previews in the customizer, but
certainly a problem with many/most/all ajax requests.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21024#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list