[wp-meta] [Making WordPress.org] #1756: Inconsistent and missing CORS headers on plugin/theme API

Making WordPress.org noreply at wordpress.org
Tue Jun 7 22:07:15 UTC 2016


#1756: Inconsistent and missing CORS headers on plugin/theme API
---------------------------+-----------------
 Reporter:  DavidAnderson  |      Owner:
     Type:  defect         |     Status:  new
 Priority:  normal         |  Milestone:
Component:  API            |   Keywords:
---------------------------+-----------------
 The wordpress.org plugins/themes API is setting CORS headers on
 responses to some calls, but not others... in such a way that even
 exactly the same request, by a different route, will get different
 results. (I'm writing a JavaScript/browser application that interacts
 with the API, and hence needs the headers).

 e.g. do a GET for
 https://api.wordpress.org/plugins/info/1.1/?action=plugin_information&request%5Bslug%5D=akismet

 Result: a CORS header:

    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 07 Jun 2016 11:55:43 GMT
    Content-Type: application/json; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Access-Control-Allow-Origin: *
    X-Frame-Options: SAMEORIGIN

 but, do a GET for
 https://api.wordpress.org/plugins/info/1.0/akismet.json instead, which
 requests the same data in the same format, and you get these headers,
 resulting in an XMLHttpRequest failure:

    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 07 Jun 2016 11:59:10 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    X-Frame-Options: SAMEORIGIN

 Interestingly the Content-Type header varies also.

--
Ticket URL: <https://meta.trac.wordpress.org/ticket/1756>
Making WordPress.org <https://meta.trac.wordpress.org/>
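
The inconsistency reported in the ticket, as an added example that is not part of the original message: a check that parses captured response heads for several routes, decides whether a browser would let cross-origin script read each one, and lists headers whose values differ between routes. The origin https://app.example and all function names are assumptions; the sample input is a subset of the headers quoted above, and the CORS check is simplified to a plain GET without preflight.

```javascript
// Constructed input: a subset of the two header sets quoted in the ticket, keyed by route.
const captured = {
  "/plugins/info/1.1/?action=plugin_information&request%5Bslug%5D=akismet": [
    "HTTP/1.1 200 OK",
    "Content-Type: application/json; charset=UTF-8",
    "Vary: Accept-Encoding",
    "Access-Control-Allow-Origin: *",
    "X-Frame-Options: SAMEORIGIN",
  ].join("\r\n"),
  "/plugins/info/1.0/akismet.json": [
    "HTTP/1.1 200 OK",
    "Content-Type: application/json",
    "Vary: Accept-Encoding",
    "X-Frame-Options: SAMEORIGIN",
  ].join("\r\n"),
};

// Parse a raw response head into a map keyed by lower-cased header name.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/).slice(1)) { // skip the status line
    const i = line.indexOf(":");
    if (i > 0) headers.set(line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim());
  }
  return headers;
}

// Simplified CORS check for a plain GET: may script running at `origin` read the response?
function corsReadable(headers, origin, withCredentials = false) {
  const acao = headers.get("access-control-allow-origin");
  if (acao === undefined) return false;       // header absent: the browser blocks the read
  if (acao === "*") return !withCredentials;  // wildcard is refused for credentialed requests
  if (acao !== origin) return false;          // otherwise the value must match the origin exactly
  return !withCredentials || headers.get("access-control-allow-credentials") === "true";
}

// Per-route readability, plus every audited header whose value differs between routes.
function auditRoutes(responses, origin, names = ["access-control-allow-origin", "content-type"]) {
  const parsed = Object.entries(responses).map(([route, raw]) => [route, parseHeaders(raw)]);
  const readable = Object.fromEntries(parsed.map(([r, h]) => [r, corsReadable(h, origin)]));
  const inconsistent = names.filter(
    (n) => new Set(parsed.map(([, h]) => h.get(n) ?? "(absent)")).size > 1
  );
  return { readable, inconsistent };
}

console.log(auditRoutes(captured, "https://app.example"));
```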