WordPress.org

Make WordPress Core

Changeset 38806


Ignore:
Timestamp:
10/17/16 16:10:37 (9 months ago)
Author:
jorbin
Message:

REST API: Include Vary: Origin in cors headers

vary: origin is a W3 CORS implementation recommendation( https://www.w3.org/TR/cors/#resource-implementation ). It's used by default in frameworks such as hapi and Laravel-cors. Overall, it helps sites siting behind a cache such as varnish.

Fixes #38060.
Props procodewp, pdufour for research.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api.php

    r38790 r38806  
    409409        header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' ); 
    410410        header( 'Access-Control-Allow-Credentials: true' ); 
     411        header( 'Vary: Origin' ); 
    411412    } 
    412413 
Note: See TracChangeset for help on using the changeset viewer.