[wp-trac] [WordPress Trac] #21024: send_origin_headers for admin-ajax
WordPress Trac
wp-trac at lists.automattic.com
Wed Jun 20 10:07:11 UTC 2012
#21024: send_origin_headers for admin-ajax
-------------------------+-----------------------------
Reporter: batmoo | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
-------------------------+-----------------------------
admin-ajax should allow cross-domain requests for known domains using by
sending the correct {{{Access-Control-Allow-Origin}}} headers using
{{{send_origin_headers()}}}.
Note that the pre-flighted {{{OPTIONS}}} request that browsers make to
check if the origin is allowed, does not send the necessary params
(specifically "action"), which means that admin-ajax's {{{if ( empty(
$_REQUEST['action'] ) )}}} check causes the request to fail so that needs
to be accounted for.
We should also send the {{{Access-Control-Allow-Credentials: true}}}
header to allow authenticated cross-domain requests via the
{{{withCredentials: true}}} flag. Maybe this can be an argument for
{{{send_origin_headers}}}?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21024>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list