WordPress.org

Make WordPress Core

Opened 13 months ago

Closed 13 months ago

#20681 closed defect (bug) (fixed)

Allow Origin API

Reported by: ryan Owned by:
Priority: normal Milestone: 3.4
Component: Security Version: 3.4
Severity: normal Keywords: has-patch
Cc: johnbillion

Description

An API for controlling delivery of Access-Control-Allow-Origin and friends that handles SSL and domain mapped scenarios.

Attachments (3)

20681.diff (3.1 KB) - added by ryan 13 months ago.
20681.2.diff (1.4 KB) - added by ryan 13 months ago.
Attempt loading preview over ssl if admin is ssl
20681.3.diff (1.4 KB) - added by ryan 13 months ago.
Now with fewer typos.

Download all attachments as: .zip

Change History (7)

ryan13 months ago

comment:1 scribu13 months ago

  • Keywords has-patch added

Something like this would be very useful for all AJAX requests.

Last edited 13 months ago by scribu (previous) (diff)

comment:2 ryan13 months ago

In [20794]:

API for allowing cross origin resource sharing.

  • Allowed origin whitelist that can be altered by plugins
  • Validation of the request origin against the whitelist
  • Send Access-Control-Allow-Origin if origin allowed
  • get_http_origin(), get_allowed_http_origins(), is_allowed_http_origin(), send_origin_headers()

See #20681

comment:3 johnbillion13 months ago

  • Cc johnbillion added

comment:4 ryan13 months ago

  • Resolution set to fixed
  • Status changed from new to closed

Try it out. Reopen with comments and suggestions.

ryan13 months ago

Attempt loading preview over ssl if admin is ssl

ryan13 months ago

Now with fewer typos.

Note: See TracTickets for help on using tickets.