Make WordPress Core


Ignore:
Timestamp:
05/15/2012 06:46:03 PM (13 years ago)
Author:
ryan
Message:

API for allowing cross origin resource sharing.

  • Allowed origin whitelist that can be altered by plugins
  • Validation of the request origin against the whitelist
  • Send Access-Control-Allow-Origin if origin allowed
  • get_http_origin(), get_allowed_http_origins(), is_allowed_http_origin(), send_origin_headers()

See #20681

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/class-wp-customize.php

    r20741 r20794  
    7272            return;
    7373
    74         $url = parse_url( admin_url() );
    75         $allowed_origins = array( 'http://' . $url[ 'host' ],  'https://' . $url[ 'host' ] );
    76         // @todo preserve port?
    77         if ( isset( $_SERVER[ 'HTTP_ORIGIN' ] ) && in_array( $_SERVER[ 'HTTP_ORIGIN' ], $allowed_origins ) ) {
    78             $origin = $_SERVER[ 'HTTP_ORIGIN' ];
    79         } else {
    80             $origin = $url[ 'scheme' ] . '://' . $url[ 'host' ];
    81         }
    82 
    83         @header( 'Access-Control-Allow-Origin: ' .  $origin );
    84         @header( 'Access-Control-Allow-Credentials: true' );
     74        send_origin_headers();
    8575
    8676        $this->start_previewing_theme();
Note: See TracChangeset for help on using the changeset viewer.