[wp-trac] [WordPress Trac] #37994: Preflight CORS check fails because of missing "Access-Control-Allow-Headers: Content-Type"
WordPress Trac
noreply at wordpress.org
Thu Sep 8 15:45:25 UTC 2016
#37994: Preflight CORS check fails because of missing "Access-Control-Allow-
Headers: Content-Type"
--------------------------+-----------------------------
Reporter: nuvoPoint | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 4.6.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Working on a single page app in Angular2 (Ionic 2), and trying to talk to
the WP REST API V2.
GETs work fine, but when I try to POST, the preflight check fails because
of a missing Access-Control-Allow-Headers returned from WP REST.
The preflight check checks for `Access-Control-Request-Headers:
Authorization, Content-Type` with an OPTIONS call, and WP REST replies:
`Access-Control-Allow-Headers: Authorization`
The missing "Content-Type" from the reply, blocks the following post-
flight request, and execution stops.
I can easily solve this problem with some custom headers via PHP, but I
simply request that you add official support for this. Would be a lot less
hassle for a lot of Javascript based apps.
Basically the only thing you need to add is "Content-Type" to line 237 of
/wp-includes/rest-api/class-wp-rest-server.php.
Anyway, here's a workaround:
{{{#!php
<?php
add_filter('rest_post_dispatch', function (\WP_REST_Response $result) {
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
$result->header('Access-Control-Allow-Headers',
'Authorization, Content-Type', true);
}
return $result;
});
}}}
Still, would prefer official support for it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37994>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list