Changeset 20741
- Timestamp:
- 05/08/2012 08:13:34 PM (13 years ago)
- Location:
- trunk/wp-includes
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/class-wp-customize.php
r20737 r20741 72 72 return; 73 73 74 $url = parse_url( admin_url() ); 75 $allowed_origins = array( 'http://' . $url[ 'host' ], 'https://' . $url[ 'host' ] ); 76 // @todo preserve port? 77 if ( isset( $_SERVER[ 'HTTP_ORIGIN' ] ) && in_array( $_SERVER[ 'HTTP_ORIGIN' ], $allowed_origins ) ) { 78 $origin = $_SERVER[ 'HTTP_ORIGIN' ]; 79 } else { 80 $origin = $url[ 'scheme' ] . '://' . $url[ 'host' ]; 81 } 82 83 @header( 'Access-Control-Allow-Origin: ' . $origin ); 84 @header( 'Access-Control-Allow-Credentials: true' ); 85 74 86 $this->start_previewing_theme(); 75 87 show_admin_bar( false ); … … 199 211 public function customize_preview_settings() { 200 212 $settings = array( 201 // @todo: Perhaps grab the URL via $_POST?202 'parent' => esc_url( admin_url( 'themes.php' ) ),203 213 'values' => array(), 204 214 ); -
trunk/wp-includes/js/customize-controls.dev.js
r20737 r20741 312 312 api.Messenger.prototype.initialize.call( this, params.url ); 313 313 314 // We're dynamically generating the iframe, so the origin is set 315 // to the current window's location, not the url's. 316 this.origin.unlink( this.url ).set( window.location.href ); 317 314 318 this.bind( 'url', function( url ) { 315 319 // Bail if we're navigating to the current url, to a different origin, or wp-admin. … … 344 348 this.request.abort(); 345 349 346 this.request = $.post( this.url(), this.query() || {}, function( response ) { 347 var iframe = self.loader()[0].contentWindow; 348 349 self.loader().one( 'load', self.loaded ); 350 351 iframe.document.open(); 352 iframe.document.write( response ); 353 iframe.document.close(); 354 }); 350 this.request = $.ajax( this.url(), { 351 type: 'POST', 352 data: this.query() || {}, 353 success: function( response ) { 354 var iframe = self.loader()[0].contentWindow; 355 356 self.loader().one( 'load', self.loaded ); 357 358 iframe.document.open(); 359 iframe.document.write( response ); 360 iframe.document.close(); 361 }, 362 xhrFields: { 363 withCredentials: true 364 } 365 } ); 355 366 } 356 367 }); -
trunk/wp-includes/js/customize-preview.dev.js
r20737 r20741 38 38 var preview, body; 39 39 40 preview = new api.Preview( api.settings.parent);40 preview = new api.Preview( window.location.href ); 41 41 42 42 $.each( api.settings.values, function( id, value ) {
Note: See TracChangeset
for help on using the changeset viewer.