Changeset 48452 for trunk/src/wp-includes/rest-api/class-wp-rest-server.php
- Timestamp:
- 07/12/2020 07:35:55 PM (4 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/rest-api/class-wp-rest-server.php
r48198 r48452 256 256 257 257 $this->send_header( 'Access-Control-Expose-Headers', implode( ', ', $expose_headers ) ); 258 $this->send_header( 'Access-Control-Allow-Headers', 'Authorization, Content-Type' ); 258 259 $allow_headers = array( 260 'Authorization', 261 'X-WP-Nonce', 262 'Content-Disposition', 263 'Content-MD5', 264 'Content-Type', 265 ); 266 267 /** 268 * Filters the list of request headers that are allowed for CORS requests. 269 * 270 * The allowed headers are passed to the browser to specify which 271 * headers can be passed to the REST API. By default, we allow the 272 * Content-* headers needed to upload files to the media endpoints. 273 * As well as the Authorization and Nonce headers for allowing authentication. 274 * 275 * @since 5.5.0 276 * 277 * @param string[] $allow_headers The list of headers to allow. 278 */ 279 $allow_headers = apply_filters( 'rest_allowed_cors_headers', $allow_headers ); 280 281 $this->send_header( 'Access-Control-Allow-Headers', implode( ', ', $allow_headers ) ); 259 282 260 283 /**
Note: See TracChangeset
for help on using the changeset viewer.