[wp-trac] [WordPress Trac] #34921: CORS Preflight Check Broken in API
WordPress Trac
noreply at wordpress.org
Tue Dec 8 20:05:14 UTC 2015
#34921: CORS Preflight Check Broken in API
--------------------------+-----------------------------
Reporter: tlovett1 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
In `/wp-includes/rest-api/class-wp-rest-server.php` line 237:
`$this->send_header( 'Access-Control-Allow-Headers', 'Authorization' );`
This is breaking CORS preflight checks and resulting in error messages in
Chrome like this:
`XMLHttpRequest cannot load https://corsdomain.com/wp-json/... Request
header field X-WP-Nonce is not allowed by Access-Control-Allow-Headers in
preflight response.`
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34921>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list