Ticket #20507: 20507.4.diff
| File 20507.4.diff, 1.9 KB (added by , 13 years ago) |
|---|
-
wp-includes/class-wp-customize.php
71 71 if ( ! isset( $_REQUEST['customize'] ) || 'on' != $_REQUEST['customize'] ) 72 72 return; 73 73 74 $url = parse_url( admin_url() ); 75 $allowed_origins = array( 'http://' . $url[ 'host' ], 'https://' . $url[ 'host' ] ); 76 // @todo preserve port? 77 if ( isset( $_SERVER[ 'HTTP_ORIGIN' ] ) && in_array( $_SERVER[ 'HTTP_ORIGIN' ], $allowed_origins ) ) { 78 $origin = $_SERVER[ 'HTTP_ORIGIN' ]; 79 } else { 80 $origin = $url[ 'scheme' ] . '://' . $url[ 'host' ]; 81 } 82 83 @header( 'Access-Control-Allow-Origin: ' . $origin ); 84 @header( 'Access-Control-Allow-Credentials: true' ); 85 74 86 $this->start_previewing_theme(); 75 87 show_admin_bar( false ); 76 88 } -
wp-includes/js/customize-controls.dev.js
343 343 if ( this.request ) 344 344 this.request.abort(); 345 345 346 this.request = $.post( this.url(), this.query() || {}, function( response ) { 347 var iframe = self.loader()[0].contentWindow; 346 this.request = $.ajax( this.url(), { 347 type: 'POST', 348 data: this.query() || {}, 349 success: function( response ) { 350 var iframe = self.loader()[0].contentWindow; 348 351 349 self.loader().one( 'load', self.loaded );352 self.loader().one( 'load', self.loaded ); 350 353 351 iframe.document.open(); 352 iframe.document.write( response ); 353 iframe.document.close(); 354 }); 354 iframe.document.open(); 355 iframe.document.write( response ); 356 iframe.document.close(); 357 }, 358 xhrFields: { 359 withCredentials: true 360 } 361 } ); 355 362 } 356 363 }); 357 364