Changeset 20886


Timestamp:
05/24/2012 09:13:21 PM (8 years ago)
Author:
koopersmith
Message:

Theme Customizer: Check for CORS support when the preview and admin urls are cross-domain. Add a fallback to the customize control frame, and check support there as well. see #20582, #19910.

Location:
trunk
Files:
5 edited

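--- a/trunk/wp-admin/customize.php
+++ b/trunk/wp-admin/customize.php
@@ -108,9 +108,18 @@
     $admin_origin = parse_url( admin_url() );
     $home_origin  = parse_url( home_url() );
+    $cross_domain = ( strtolower( $admin_origin[ 'host' ] ) != strtolower( $home_origin[ 'host' ] ) );
 
-    if ( is_ssl() && ( $admin_origin[ 'host' ] == $home_origin[ 'host' ] ) )
+    if ( is_ssl() && ! $cross_domain )
         $allowed_urls[] = home_url( '/', 'https' );
 
     $allowed_urls = array_unique( apply_filters( 'customize_allowed_urls', $allowed_urls ) );
+
+    $fallback_url = add_query_arg( array(
+        'preview'        => 1,
+        'template'       => $wp_customize->get_template(),
+        'stylesheet'     => $wp_customize->get_stylesheet(),
+        'preview_iframe' => true,
+        'TB_iframe'      => 'true'
+    ), home_url( '/' ) );
 
     $settings = array(
@@ -120,8 +129,10 @@
         ),
         'url'      => array(
-            'preview'  => esc_url( home_url( '/' ) ),
-            'parent'   => esc_url( admin_url() ),
-            'ajax'     => esc_url( admin_url( 'admin-ajax.php', 'relative' ) ),
-            'allowed'  => array_map( 'esc_url', $allowed_urls ),
+            'preview'       => esc_url( home_url( '/' ) ),
+            'parent'        => esc_url( admin_url() ),
+            'ajax'          => esc_url( admin_url( 'admin-ajax.php', 'relative' ) ),
+            'allowed'       => array_map( 'esc_url', $allowed_urls ),
+            'isCrossDomain' => $cross_domain,
+            'fallback'      => $fallback_url,
         ),
         'settings' => array(),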
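Review bot: The `$cross_domain` test at new line 110 compares only the `host` component, while the browser's same-origin check that decides whether CORS is needed also covers scheme and port. An admin served over https with the front end on http on the same host, or on a different port, would leave `isCrossDomain` false, so the CORS capability check would be skipped for a request the browser still treats as cross-origin; comparing `scheme`, `host` and `port` together would match what the browser enforces. The same three lines are duplicated in `_wp_customize_loader_settings()` in wp-includes/theme.php, so a shared helper would keep the two from drifting. Separately, `'fallback' => $fallback_url` is the only entry in the `url` array that is not passed through an escaper; `'fallback' => esc_url_raw( $fallback_url ),` would suit a value that is presumably consumed by script rather than printed as HTML.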
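--- a/trunk/wp-includes/js/customize-base.dev.js
+++ b/trunk/wp-includes/js/customize-base.dev.js
@@ -475,4 +475,6 @@
      * ===================================================================== */
 
+    $.support.postMessage = !! window.postMessage;
+
     api.Messenger = api.Class.extend({
         add: function( key, initial, options ) {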
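--- a/trunk/wp-includes/js/customize-controls.dev.js
+++ b/trunk/wp-includes/js/customize-controls.dev.js
@@ -442,4 +442,7 @@
         if ( ! api.settings )
             return;
+
+        if ( ! $.support.postMessage || ( ! $.support.cors && api.settings.isCrossDomain ) )
+            return window.location = api.settings.url.fallback;
 
         // Initialize Previewer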
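Review bot: The new guard at lines 445–446 folds the redirect into the return expression, `return window.location = api.settings.url.fallback;`, which reads like a returned value rather than a navigation. Splitting it into `window.location = api.settings.url.fallback;` followed by `return;`, with a comment such as `// No postMessage, or cross-domain without CORS: load the plain preview instead.`, would make the intent clear. The enclosing function starts and ends outside the hunk.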
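--- a/trunk/wp-includes/js/customize-loader.dev.js
+++ b/trunk/wp-includes/js/customize-loader.dev.js
@@ -6,12 +6,22 @@
         Loader;
 
+    $.extend( $.support, {
+        history: !! ( window.history && history.pushState ),
+        hashchange: ('onhashchange' in window) && (document.documentMode === undefined || document.documentMode > 7)
+    });
+
     Loader = $.extend( {}, api.Events, {
-        supports: {
-            history:  !! ( window.history && history.pushState ),
-            hashchange: ('onhashchange' in window) && (document.documentMode === undefined || document.documentMode > 7)
-        },
+        initialize: function() {
+            this.body = $( document.body );
 
-        initialize: function() {
-            this.body    = $( document.body ).addClass('customize-support');
+            // Ensure the loader is supported.
+            // Check for settings, postMessage support, and whether we require CORS support.
+            if ( ! Loader.settings || ! $.support.postMessage || ( ! $.support.cors && Loader.settings.isCrossDomain ) ) {
+                this.body.removeClass( 'customize-support' ).addClass( 'no-customize-support' );
+                return;
+            }
+
+            this.body.removeClass( 'no-customize-support' ).addClass( 'customize-support' );
+
             this.window  = $( window );
             this.element = $( '<div id="customize-container" class="wp-full-overlay" />' ).appendTo( this.body );
@@ -28,8 +38,8 @@
 
             // Add navigation listeners.
-            if ( this.supports.history )
+            if ( $.support.history )
                 this.window.on( 'popstate', Loader.popstate );
 
-            if ( this.supports.hashchange )
+            if ( $.support.hashchange )
                 this.window.on( 'hashchange', Loader.hashchange );
         },
@@ -49,5 +59,5 @@
                 Loader.open( wpCustomizeLoaderL10n.url + '?' + hash );
 
-            if ( ! hash && ! Loader.supports.history )
+            if ( ! hash && ! $.support.history )
                 Loader.close();
         },
@@ -74,7 +84,7 @@
 
             this.messenger.bind( 'close', function() {
-                if ( Loader.supports.history )
+                if ( $.support.history )
                     history.back();
-                else if ( Loader.supports.hashchange )
+                else if ( $.support.hashchange )
                     window.location.hash = '';
                 else
@@ -85,7 +95,7 @@
 
             // Ensure we don't call pushState if the user hit the forward button.
-            if ( Loader.supports.history && window.location.href !== src )
+            if ( $.support.history && window.location.href !== src )
                 history.pushState( { customize: src }, '', src );
-            else if ( ! Loader.supports.history && Loader.supports.hashchange && hash )
+            else if ( ! $.support.history && $.support.hashchange && hash )
                 window.location.hash = hash;
 
@@ -129,6 +139,6 @@
 
     $( function() {
-        if ( window.postMessage )
-            Loader.initialize();
+        Loader.settings = _wpCustomizeLoaderSettings;
+        Loader.initialize();
     });
 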
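Review bot: The unchanged line at new line 59, `Loader.open( wpCustomizeLoaderL10n.url + '?' + hash );`, still reads `wpCustomizeLoaderL10n`, while this changeset removes the `wp_localize_script()` call in wp-includes/theme.php that defined it. Unless that global is printed somewhere not shown here, the hashchange handler would throw a ReferenceError; `Loader.open( Loader.settings.url + '?' + hash );` uses the object this commit introduces. In the ready handler the bare `_wpCustomizeLoaderSettings` likewise throws when the inline data was not printed, so the `! Loader.settings` check in `initialize` is never reached in that case; `Loader.settings = window._wpCustomizeLoaderSettings;` lets the guard do its job.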
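--- a/trunk/wp-includes/theme.php
+++ b/trunk/wp-includes/theme.php
@@ -1585,14 +1585,29 @@
 
 /**
- * Localizes the customize-loader script.
+ * Adds settings for the customize-loader script.
  *
  * @since 3.4.0
  */
-function _wp_customize_loader_localize() {
-    wp_localize_script( 'customize-loader', 'wpCustomizeLoaderL10n', array(
-        'url' => admin_url( 'admin.php' ),
-    ) );
-}
-add_action( 'admin_enqueue_scripts', '_wp_customize_loader_localize' );
+function _wp_customize_loader_settings() {
+    global $wp_scripts;
+
+    $admin_origin = parse_url( admin_url() );
+    $home_origin  = parse_url( home_url() );
+    $cross_domain = ( strtolower( $admin_origin[ 'host' ] ) != strtolower( $home_origin[ 'host' ] ) );
+
+    $settings = array(
+        'url'           => esc_url( admin_url( 'admin.php' ) ),
+        'isCrossDomain' => $cross_domain,
+    );
+
+    $script = 'var _wpCustomizeLoaderSettings = ' . json_encode( $settings ) . ';';
+
+    $data = $wp_scripts->get_data( 'customize-loader', 'data' );
+    if ( $data )
+        $script = "$data\n$script";
+
+    $wp_scripts->add_data( 'customize-loader', 'data', $script );
+}
+add_action( 'admin_enqueue_scripts', '_wp_customize_loader_settings' );
 
 /**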
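Review bot: `_wp_customize_loader_settings()` calls `$wp_scripts->get_data()` on the global without checking that it holds a `WP_Scripts` instance, something the removed code did not have to care about because it went through `wp_localize_script()`. If the hook can fire before the global is initialised (not visible here), this is a fatal error; a guard such as `if ( ! is_a( $wp_scripts, 'WP_Scripts' ) ) return;` at the top of the function would avoid it. The docblock could also state that the settings are emitted as an inline `var _wpCustomizeLoaderSettings = …;` appended to any existing inline data for the `customize-loader` handle, and that `isCrossDomain` is what the loader uses to decide whether CORS support is required.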