Ticket #20507: 20507.6.diff
File 20507.6.diff, 1.2 KB (added by , 12 years ago) |
---|
-
wp-includes/class-wp-customize.php
72 72 return; 73 73 74 74 $url = parse_url( admin_url() ); 75 $allowed_origins = a rray( 'http://' . $url[ 'host' ], 'https://' . $url[ 'host' ]);75 $allowed_origins = apply_filters( 'allowed_http_origins', array( 'http://' . $url[ 'host' ], 'https://' . $url[ 'host' ] ) ); 76 76 // @todo preserve port? 77 if ( isset( $_SERVER[ 'HTTP_ORIGIN' ] ) && in_array( $_SERVER[ 'HTTP_ORIGIN' ], $allowed_origins ) ) { 78 $origin = $_SERVER[ 'HTTP_ORIGIN' ]; 79 } else { 80 $origin = $url[ 'scheme' ] . '://' . $url[ 'host' ]; 77 $origin = isset( $_SERVER[ 'HTTP_ORIGIN' ] ) ? $_SERVER[ 'HTTP_ORIGIN' ] : ''; 78 $origin = apply_filters( 'http_origin', $origin ); 79 if ( $origin && in_array( $origin, $allowed_origins ) ) { 80 @header( 'Access-Control-Allow-Origin: ' . $origin ); 81 @header( 'Access-Control-Allow-Credentials: true' ); 81 82 } 82 83 83 @header( 'Access-Control-Allow-Origin: ' . $origin );84 @header( 'Access-Control-Allow-Credentials: true' );85 86 84 $this->start_previewing_theme(); 87 85 show_admin_bar( false ); 88 86 }