
Changeset 21988


Timestamp:
09/24/2012 09:39:04 PM (12 years ago)
Author:
ryan
Message:

Handle pre-flighted OPTIONS requests in send_origin_headers(). Props nacin. fixes #21024

File:
1 edited

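--- a/trunk/wp-includes/http.php
+++ b/trunk/wp-includes/http.php
@@ -285,4 +285,8 @@
  * is from an allowed origin.
  *
+ * If the request is an OPTIONS request, the script exits with either access
+ * control headers sent, or a 403 response if the origin is not allowed. For
+ * other request methods, you will receive a return value.
+ *
  * @since 3.4.0
  *
@@ -292,10 +296,18 @@
 function send_origin_headers() {
     $origin = get_http_origin();
-    if ( ! is_allowed_http_origin( $origin ) )
-        return false;
-
-    @header( 'Access-Control-Allow-Origin: ' .  $origin );
-    @header( 'Access-Control-Allow-Credentials: true' );
-
-    return $origin;
-}
+
+    if ( is_allowed_http_origin( $origin ) ) {
+        @header( 'Access-Control-Allow-Origin: ' .  $origin );
+        @header( 'Access-Control-Allow-Credentials: true' );
+        if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] )
+            exit;
+        return $origin;
+    }
+
+    if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
+        status_header( 403 );
+        exit;
+    }
+
+    return false;
+}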
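Review bot: Both new `'OPTIONS' === $_SERVER['REQUEST_METHOD']` checks in send_origin_headers() treat every OPTIONS request as a CORS preflight, so an OPTIONS request whose origin is not allowed (presumably including one that sends no Origin header at all) is ended with a 403 and none of the caller's later code runs. A real preflight also carries `Access-Control-Request-Method`, so the condition could be narrowed to `if ( isset( $_SERVER['REQUEST_METHOD'], $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] ) && 'OPTIONS' === $_SERVER['REQUEST_METHOD'] )`, which also avoids an undefined-index notice when the function runs outside a web request. Because the allowed branch reflects the request's origin together with `Access-Control-Allow-Credentials: true`, adding `@header( 'Vary: Origin' );` there would keep a shared cache from serving one origin's response to another. The successful preflight exits without `Access-Control-Allow-Methods` or `Access-Control-Allow-Headers`; if callers are expected to send those before calling this function, the new docblock paragraph should say so.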