[wp-trac] [WordPress Trac] #45477: Disable REST API reflection of request Origin header in response Access-Control-Allow-Origin
WordPress Trac
noreply at wordpress.org
Tue Dec 4 21:06:02 UTC 2018
#45477: Disable REST API reflection of request Origin header in response Access-
Control-Allow-Origin
-----------------------------------+------------------------------
Reporter: BjornW | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: has-patch 2nd-opinion | Focuses:
-----------------------------------+------------------------------
Comment (by BjornW):
The last two screenshots show the behaviour after applying my patch. The
Origin header is verified and only if it is found on the safe-list of
allowed http origins the CORS headers are sent. Otherwise the CORS headers
found in rest_send_cors_headers() are not sent.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45477#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list