[wp-trac] [WordPress Trac] #21024: send_origin_headers for admin-ajax

WordPress Trac wp-trac at lists.automattic.com
Wed Jun 20 10:07:11 UTC 2012


#21024: send_origin_headers for admin-ajax
-------------------------+-----------------------------
 Reporter:  batmoo       |      Owner:
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  General      |    Version:
 Severity:  normal       |   Keywords:
-------------------------+-----------------------------
 admin-ajax should allow cross-domain requests for known domains using by
 sending the correct {{{Access-Control-Allow-Origin}}} headers using
 {{{send_origin_headers()}}}.

 Note that the pre-flighted {{{OPTIONS}}} request that browsers make to
 check if the origin is allowed, does not send the necessary params
 (specifically "action"), which means that admin-ajax's {{{if ( empty(
 $_REQUEST['action'] ) )}}} check causes the request to fail so that needs
 to be accounted for.

 We should also send the {{{Access-Control-Allow-Credentials: true}}}
 header to allow authenticated cross-domain requests via the
 {{{withCredentials: true}}} flag. Maybe this can be an argument for
 {{{send_origin_headers}}}?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21024>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list