[wp-trac] [WordPress Trac] #43428: Improve CORS headers sent to REST Api requests

WordPress Trac noreply at wordpress.org
Wed Mar 28 11:47:14 UTC 2018


#43428: Improve CORS headers sent to REST Api requests
-------------------------+------------------------------------
 Reporter:  andrei.igna  |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  REST API     |     Version:  trunk
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:  rest-api, performance
-------------------------+------------------------------------

Comment (by andrei.igna):

 Yes, there seems to be a small mistake on MDN docs about this. Probably
 will be updated shortly there too

 `OPTIONS` can be added in [https://developer.mozilla.org/en-
 US/docs/Web/HTTP/Headers/Allow Allow response header] to let the client
 know this method is available, but is unnecessary in `Access-Control-
 Allow-Headers`

 `Access-Control-Allow-Headers` is a response header found only in
 `OPTIONS` requests, so it can't say that it allows itself after the
 request has been served

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43428#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list