Changeset 21988
- Timestamp:
- 09/24/2012 09:39:04 PM (12 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/http.php
r21792 r21988 285 285 * is from an allowed origin. 286 286 * 287 * If the request is an OPTIONS request, the script exits with either access 288 * control headers sent, or a 403 response if the origin is not allowed. For 289 * other request methods, you will receive a return value. 290 * 287 291 * @since 3.4.0 288 292 * … … 292 296 function send_origin_headers() { 293 297 $origin = get_http_origin(); 294 if ( ! is_allowed_http_origin( $origin ) ) 295 return false; 296 297 @header( 'Access-Control-Allow-Origin: ' . $origin ); 298 @header( 'Access-Control-Allow-Credentials: true' ); 299 300 return $origin; 301 } 298 299 if ( is_allowed_http_origin( $origin ) ) { 300 @header( 'Access-Control-Allow-Origin: ' . $origin ); 301 @header( 'Access-Control-Allow-Credentials: true' ); 302 if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) 303 exit; 304 return $origin; 305 } 306 307 if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { 308 status_header( 403 ); 309 exit; 310 } 311 312 return false; 313 }
Note: See TracChangeset
for help on using the changeset viewer.