Ticket #45477: 45477.diff
File 45477.diff, 2.1 KB (added by , 6 years ago) |
---|
-
package-lock.json
1 1 { 2 2 "name": "WordPress", 3 "version": "5. 0.0",3 "version": "5.1.0", 4 4 "lockfileVersion": 1, 5 5 "requires": true, 6 6 "dependencies": { … … 3643 3643 "version": "1.0.5", 3644 3644 "bundled": true, 3645 3645 "dev": true, 3646 "optional": true, 3646 3647 "requires": { 3647 3648 "delayed-stream": "~1.0.0" 3648 3649 } … … 3705 3706 "delayed-stream": { 3706 3707 "version": "1.0.0", 3707 3708 "bundled": true, 3708 "dev": true 3709 "dev": true, 3710 "optional": true 3709 3711 }, 3710 3712 "delegates": { 3711 3713 "version": "1.0.0", … … 3993 3995 "mime-db": { 3994 3996 "version": "1.27.0", 3995 3997 "bundled": true, 3996 "dev": true 3998 "dev": true, 3999 "optional": true 3997 4000 }, 3998 4001 "mime-types": { 3999 4002 "version": "2.1.15", 4000 4003 "bundled": true, 4001 4004 "dev": true, 4005 "optional": true, 4002 4006 "requires": { 4003 4007 "mime-db": "~1.27.0" 4004 4008 } … … 4074 4078 "number-is-nan": { 4075 4079 "version": "1.0.1", 4076 4080 "bundled": true, 4077 "dev": true 4081 "dev": true, 4082 "optional": true 4078 4083 }, 4079 4084 "oauth-sign": { 4080 4085 "version": "0.8.2", -
src/wp-includes/rest-api.php
527 527 528 528 /** 529 529 * Sends Cross-Origin Resource Sharing headers with API requests. 530 * 530 * 531 * Note: Any incoming Origin URL is verified against a safe-list of Origins 532 * using the Allowed Origin API, before these headers are sent. 533 * {@see 'allowed_http_origins'} filter on how to add an Origin to this list 534 * 531 535 * @since 4.4.0 532 536 * 533 537 * @param mixed $value Response data. … … 535 539 */ 536 540 function rest_send_cors_headers( $value ) { 537 541 $origin = get_http_origin(); 538 539 if ( $origin ) {542 $allowed_origins = get_allowed_http_origins(); 543 if ( $origin && in_array( $origin, $allowed_origins ) { 540 544 // Requests from file:// and data: URLs send "Origin: null" 541 545 if ( 'null' !== $origin ) { 542 546 $origin = esc_url_raw( $origin );