[wp-trac] [WordPress Trac] #40011: Do not add scheme prefix to "null" origin in wp-json's Access-Control-Allow-Origin header

WordPress Trac noreply at wordpress.org
Wed May 10 04:22:03 UTC 2017

#40011: Do not add scheme prefix to "null" origin in wp-json's Access-Control-
Allow-Origin header
 Reporter:  vicshih       |       Owner:  rmccue
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:  4.8
Component:  REST API      |     Version:  4.7
 Severity:  normal        |  Resolution:  fixed
 Keywords:  commit        |     Focuses:
Changes (by rmccue):

 * status:  reviewing => closed
 * resolution:   => fixed


 In [changeset:"40600"]:
 #!CommitTicketReference repository="" revision="40600"
 REST API: Allow "Origin: null" from file: URLs.

 Browsers send an "Origin: null" header value for file and data URLs, as
 they can be generated by any document, and their origin is not guaranteed.
 Since we want to allow any URL to access the API (intentionally disabling
 the CORS protections), we need to special-case the non-URL "null" value.

 Props joehoyle.
 Fixes #40011.

Ticket URL: <https://core.trac.wordpress.org/ticket/40011#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list