[wp-trac] [WordPress Trac] #40011: Do not add scheme prefix to "null" origin in wp-json's Access-Control-Allow-Origin header
WordPress Trac
noreply at wordpress.org
Wed May 10 04:22:03 UTC 2017
#40011: Do not add scheme prefix to "null" origin in wp-json's Access-Control-
Allow-Origin header
--------------------------+---------------------
Reporter: vicshih | Owner: rmccue
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.8
Component: REST API | Version: 4.7
Severity: normal | Resolution: fixed
Keywords: commit | Focuses:
--------------------------+---------------------
Changes (by rmccue):
* status: reviewing => closed
* resolution: => fixed
Comment:
In [changeset:"40600"]:
{{{
#!CommitTicketReference repository="" revision="40600"
REST API: Allow "Origin: null" from file: URLs.
Browsers send an "Origin: null" header value for file and data URLs, as
they can be generated by any document, and their origin is not guaranteed.
Since we want to allow any URL to access the API (intentionally disabling
the CORS protections), we need to special-case the non-URL "null" value.
Props joehoyle.
Fixes #40011.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40011#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list