Make WordPress Core

Changeset 38806


Ignore:
Timestamp:
10/17/2016 04:10:37 PM (8 years ago)
Author:
jorbin
Message:

REST API: Include Vary: Origin in cors headers

vary: origin is a W3 CORS implementation recommendation( https://www.w3.org/TR/cors/#resource-implementation ). It's used by default in frameworks such as hapi and Laravel-cors. Overall, it helps sites siting behind a cache such as varnish.

Fixes #38060.
Props procodewp, pdufour for research.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api.php

    r38790 r38806  
    409409        header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
    410410        header( 'Access-Control-Allow-Credentials: true' );
     411        header( 'Vary: Origin' );
    411412    }
    412413
Note: See TracChangeset for help on using the changeset viewer.