[wp-trac] [WordPress Trac] #45477: Disable REST API reflection of request Origin header in response Access-Control-Allow-Origin
WordPress Trac
noreply at wordpress.org
Wed Dec 5 14:07:54 UTC 2018
#45477: Disable REST API reflection of request Origin header in response Access-Control-Allow-Origin
-----------------------------------+------------------------------
Reporter: BjornW | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: has-patch 2nd-opinion | Focuses:
-----------------------------------+------------------------------
Changes (by swissspidy):
* type: defect (bug) => enhancement
Comment:
Marking as enhancement since this is intentional behavior. Citing [40600]:
> Browsers send an "Origin: null" header value for file and data URLs, as
> they can be generated by any document, and their origin is not guaranteed.
> Since we want to allow any URL to access the API (intentionally disabling
> the CORS protections), we need to special-case the non-URL "null" value.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45477#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
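
An added example, not WordPress core code and not the patch attached to this ticket: one way a site owner could replace the Origin reflection described in the quoted commit message with an explicit allowlist that also refuses the "null" origin. The `example_`/`EXAMPLE_` names and the allowlisted origins are assumptions; `rest_send_cors_headers`, `rest_pre_serve_request` and `get_http_origin()` are the core names involved in the existing behaviour.

```php
<?php
// Added example for a must-use plugin; not core code and not the ticket's patch.

// Hypothetical allowlist: replace with the origins that really need access.
const EXAMPLE_REST_ALLOWED_ORIGINS = array(
	'https://app.example.com',
	'https://admin.example.com',
);

/**
 * Decide which CORS headers to send for a given request Origin.
 * Unknown origins, a missing Origin header and the literal "null"
 * (sent for file: and data: URLs) receive no Access-Control-* headers.
 */
function example_rest_cors_headers( $origin, array $allowlist ) {
	// Always vary on Origin so a cache never serves one origin's headers to another.
	$headers = array( 'Vary' => 'Origin' );

	// Exact string match only: no prefix, suffix or wildcard matching.
	if ( is_string( $origin ) && 'null' !== $origin && in_array( $origin, $allowlist, true ) ) {
		$headers['Access-Control-Allow-Origin']      = $origin;
		$headers['Access-Control-Allow-Methods']     = 'OPTIONS, GET, POST, PUT, PATCH, DELETE';
		$headers['Access-Control-Allow-Credentials'] = 'true';
	}

	return $headers;
}

// Priority 15 runs after core has registered its default REST filters.
add_action( 'rest_api_init', function () {
	// Core hooks rest_send_cors_headers() on this filter; swap it out.
	remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );

	add_filter( 'rest_pre_serve_request', function ( $served ) {
		$headers = example_rest_cors_headers( get_http_origin(), EXAMPLE_REST_ALLOWED_ORIGINS );
		foreach ( $headers as $name => $value ) {
			header( $name . ': ' . $value );
		}
		return $served; // Leave the "already served" flag untouched.
	} );
}, 15 );
```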