[wp-meta] [Making WordPress.org] #1756: Inconsistent and missing CORS headers on plugin/theme API
Making WordPress.org
noreply at wordpress.org
Tue Jun 7 22:07:15 UTC 2016
#1756: Inconsistent and missing CORS headers on plugin/theme API
---------------------------+-----------------
Reporter: DavidAnderson | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: API | Keywords:
---------------------------+-----------------
The wordpress.org plugins/themes API is setting CORS headers on
responses to some calls, but not others... in such a way that even
exactly the same request, by a different route, will get different
results. (I'm writing a JavaScript/browser application that interacts
with the API, and hence needs the headers).
e.g. do a GET for
https://api.wordpress.org/plugins/info/1.1/?action=plugin_information&request%5Bslug%5D=akismet
Result: a CORS header:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 Jun 2016 11:55:43 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
'''Access-Control-Allow-Origin: *'''
X-Frame-Options: SAMEORIGIN
but, do a GET for
https://api.wordpress.org/plugins/info/1.0/akismet.json instead, which
requests the same data in the same format, and you get these headers,
resulting in a XMLHttpRequest failure:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 Jun 2016 11:59:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Interestingly the Content-Type header varies also.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/1756>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list