[wp-trac] [WordPress Trac] #34921: CORS Preflight Check Broken in API
WordPress Trac
noreply at wordpress.org
Tue Dec 8 22:59:29 UTC 2015
#34921: CORS Preflight Check Broken in API
--------------------------+----------------------
Reporter: tlovett1 | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: REST API | Version: trunk
Severity: normal | Resolution: wontfix
Keywords: has-patch | Focuses:
--------------------------+----------------------
Changes (by rachelbaker):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Per @rmccue that merged the related code here: https://github.com/WP-API
/WP-API/pull/1529
> You shouldn't be able to send the nonce from a different origin so far
as I can tell
> Cookie authentication is intentionally limited by the nonce to the
current site.
> If you really need it, you can send multiple `Access-Control-Allow-
Headers` headers, so hook into an early action (like
`rest_send_nocache_headers`) and add extra ones''
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34921#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list