Changeset 20741 for trunk/wp-includes/class-wp-customize.php
- Timestamp:
- 05/08/2012 08:13:34 PM (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/class-wp-customize.php
r20737 r20741 72 72 return; 73 73 74 $url = parse_url( admin_url() ); 75 $allowed_origins = array( 'http://' . $url[ 'host' ], 'https://' . $url[ 'host' ] ); 76 // @todo preserve port? 77 if ( isset( $_SERVER[ 'HTTP_ORIGIN' ] ) && in_array( $_SERVER[ 'HTTP_ORIGIN' ], $allowed_origins ) ) { 78 $origin = $_SERVER[ 'HTTP_ORIGIN' ]; 79 } else { 80 $origin = $url[ 'scheme' ] . '://' . $url[ 'host' ]; 81 } 82 83 @header( 'Access-Control-Allow-Origin: ' . $origin ); 84 @header( 'Access-Control-Allow-Credentials: true' ); 85 74 86 $this->start_previewing_theme(); 75 87 show_admin_bar( false ); … … 199 211 public function customize_preview_settings() { 200 212 $settings = array( 201 // @todo: Perhaps grab the URL via $_POST?202 'parent' => esc_url( admin_url( 'themes.php' ) ),203 213 'values' => array(), 204 214 );
Note: See TracChangeset
for help on using the changeset viewer.