[wp-trac] [WordPress Trac] #57752: Improve rest_(allowed|exposed)_cors_headers filters
WordPress Trac
noreply at wordpress.org
Tue Feb 21 12:27:29 UTC 2023
#57752: Improve rest_(allowed|exposed)_cors_headers filters
-------------------------+--------------------------
Reporter: bor0 | Owner: rachelbaker
Type: enhancement | Status: accepted
Priority: normal | Milestone: 6.3
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-------------------------+--------------------------
Changes (by bor0):
* keywords: has-patch reporter-feedback => has-patch
Comment:
Hi @rachelbaker,
We could certainly do the following:
{{{
add_filter( 'rest_post_dispatch', function( $result, $server, $request ) {
$server->send_header( 'Access-Control-Allow-Headers', 'X
-RateLimit-Limit' );
return $result;
}, 10, 3 );
}}}
But the problem is that this will overwrite the existing headers set by
WordPress `WP_REST_Server::serve_request`.
In addition, we cannot get the existing headers from `$server` as the
function `send_header` merely wraps the `header` function and doesn't
store these results anywhere, so we end up having to copy-paste:
{{{
add_filter( 'rest_post_dispatch', function( $result, $server, $request ) {
$allow_headers = array(
'Authorization',
'X-WP-Nonce',
'Content-Disposition',
'Content-MD5',
'Content-Type',
);
$allow_headers[] = 'X-RateLimit-Limit';
$this->send_header( 'Access-Control-Allow-Headers', implode( ', ',
$allow_headers ) );
return $result;
}, 10, 3 );
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57752#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list