| 327 | | * Filters the list of response headers that are exposed to REST API CORS requests. |
| 328 | | * |
| 329 | | * @since 5.5.0 |
| 330 | | * |
| 331 | | * @param string[] $expose_headers The list of response headers to expose. |
| 332 | | */ |
| 333 | | $expose_headers = apply_filters( 'rest_exposed_cors_headers', $expose_headers ); |
| 334 | | |
| 335 | | $this->send_header( 'Access-Control-Expose-Headers', implode( ', ', $expose_headers ) ); |
| 336 | | |
| 337 | | $allow_headers = array( |
| 338 | | 'Authorization', |
| 339 | | 'X-WP-Nonce', |
| 340 | | 'Content-Disposition', |
| 341 | | 'Content-MD5', |
| 342 | | 'Content-Type', |
| 343 | | ); |
| 344 | | |
| 345 | | /** |
| 346 | | * Filters the list of request headers that are allowed for REST API CORS requests. |
| 347 | | * |
| 348 | | * The allowed headers are passed to the browser to specify which |
| 349 | | * headers can be passed to the REST API. By default, we allow the |
| 350 | | * Content-* headers needed to upload files to the media endpoints. |
| 351 | | * As well as the Authorization and Nonce headers for allowing authentication. |
| 352 | | * |
| 353 | | * @since 5.5.0 |
| 354 | | * |
| 355 | | * @param string[] $allow_headers The list of request headers to allow. |
| 356 | | */ |
| 357 | | $allow_headers = apply_filters( 'rest_allowed_cors_headers', $allow_headers ); |
| 358 | | |
| 359 | | $this->send_header( 'Access-Control-Allow-Headers', implode( ', ', $allow_headers ) ); |
| 360 | | |
| 361 | | /** |
| | 403 | $expose_headers = array( 'X-WP-Total', 'X-WP-TotalPages', 'Link' ); |
| | 404 | |
| | 405 | /** |
| | 406 | * Filters the list of response headers that are exposed to REST API CORS requests. |
| | 407 | * |
| | 408 | * @since 5.5.0 |
| | 409 | * |
| | 410 | * @param string[] $expose_headers The list of response headers to expose. |
| | 411 | * @param WP_REST_Request The request in context. |
| | 412 | */ |
| | 413 | $expose_headers = apply_filters( 'rest_exposed_cors_headers', $expose_headers, $request ); |
| | 414 | |
| | 415 | $this->send_header( 'Access-Control-Expose-Headers', implode( ', ', $expose_headers ) ); |
| | 416 | |
| | 417 | $allow_headers = array( |
| | 418 | 'Authorization', |
| | 419 | 'X-WP-Nonce', |
| | 420 | 'Content-Disposition', |
| | 421 | 'Content-MD5', |
| | 422 | 'Content-Type', |
| | 423 | ); |
| | 424 | |
| | 425 | /** |
| | 426 | * Filters the list of request headers that are allowed for REST API CORS requests. |
| | 427 | * |
| | 428 | * The allowed headers are passed to the browser to specify which |
| | 429 | * headers can be passed to the REST API. By default, we allow the |
| | 430 | * Content-* headers needed to upload files to the media endpoints. |
| | 431 | * As well as the Authorization and Nonce headers for allowing authentication. |
| | 432 | * |
| | 433 | * @since 5.5.0 |
| | 434 | * |
| | 435 | * @param string[] $allow_headers The list of request headers to allow. |
| | 436 | * @param WP_REST_Request The request in context. |
| | 437 | */ |
| | 438 | $allow_headers = apply_filters( 'rest_allowed_cors_headers', $allow_headers, $request ); |
| | 439 | |
| | 440 | $this->send_header( 'Access-Control-Allow-Headers', implode( ', ', $allow_headers ) ); |
| | 441 | |