Ticket #21024: 21024.diff
File 21024.diff, 1.3 KB (added by , 12 years ago) |
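--- a/wp-includes/http.php
+++ b/wp-includes/http.php
@@ -284,6 +284,10 @@
 * Send Access-Control-Allow-Origin and related headers if the current request
 * is from an allowed origin.
 *
+* If the request is an OPTIONS request, the script exits with either access
+* control headers sent, or a 403 response if the origin is not allowed. For
+* other request methods, you will receive a return value.
+*
 * @since 3.4.0
 *
 * @return bool|string Returns the origin URL if headers are sent. Returns false
@@ -291,11 +295,19 @@
 */
 function send_origin_headers() {
 $origin = get_http_origin();
-if ( ! is_allowed_http_origin( $origin ) )
-return false;
 
-@header( 'Access-Control-Allow-Origin: ' . $origin );
-@header( 'Access-Control-Allow-Credentials: true' );
+if ( is_allowed_http_origin( $origin ) ) {
+@header( 'Access-Control-Allow-Origin: ' . $origin );
+@header( 'Access-Control-Allow-Credentials: true' );
+if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] )
+exit;
+return $origin;
+}
 
-return $origin;
-}
\ No newline at end of file
+if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
+status_header( 403 );
+exit;
+}
+
+return false;
+}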
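Review bot: The allowed-origin branch of send_origin_headers() reflects the request's Origin into `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true` but sends no `Vary` header, so a shared cache that stores a non-OPTIONS response could replay one origin's CORS header to a different origin; adding `@header( 'Vary: Origin' );` next to the other two header calls would cover that. Both new `'OPTIONS' === $_SERVER['REQUEST_METHOD']` comparisons read the key unguarded, which raises a notice wherever no request method is set (for example a CLI run), so prefixing them with `isset( $_SERVER['REQUEST_METHOD'] ) &&` would be safer. The 403 branch also depends on how is_allowed_http_origin() treats an empty origin, which is not visible on this page: if it returns false there, an OPTIONS request that carries no Origin header at all is rejected too, and the docblock should say so.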