Make WordPress Core


Ignore:
Timestamp:
04/09/2021 09:26:07 PM (3 years ago)
Author:
rachelbaker
Message:

REST API: Move the rest_jsonp_enabled filter before setting the Content-Type header.

Fixes an issue where if JSONP was disabled the Content-Type HTTP header was still set to application/javascript.

Props dd32, TimothyBlynJacobs.
Fixes #52691.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/class-wp-rest-server.php

    r50150 r50695  
    265265        }
    266266
    267         $content_type = isset( $_GET['_jsonp'] ) ? 'application/javascript' : 'application/json';
     267        /**
     268         * Filters whether JSONP is enabled for the REST API.
     269         *
     270         * @since 4.4.0
     271         *
     272         * @param bool $jsonp_enabled Whether JSONP is enabled. Default true.
     273         */
     274        $jsonp_enabled = apply_filters( 'rest_jsonp_enabled', true );
     275
     276        $jsonp_callback = false;
     277        if ( isset( $_GET['_jsonp'] ) ) {
     278            $jsonp_callback = $_GET['_jsonp'];
     279        }
     280
     281        $content_type = ( $jsonp_callback && $jsonp_enabled ) ? 'application/javascript' : 'application/json';
    268282        $this->send_header( 'Content-Type', $content_type . '; charset=' . get_option( 'blog_charset' ) );
    269283        $this->send_header( 'X-Robots-Tag', 'noindex' );
     
    356370        );
    357371
    358         /**
    359          * Filters whether JSONP is enabled for the REST API.
    360          *
    361          * @since 4.4.0
    362          *
    363          * @param bool $jsonp_enabled Whether JSONP is enabled. Default true.
    364          */
    365         $jsonp_enabled = apply_filters( 'rest_jsonp_enabled', true );
    366 
    367         $jsonp_callback = null;
    368 
    369         if ( isset( $_GET['_jsonp'] ) ) {
     372        if ( $jsonp_callback ) {
    370373            if ( ! $jsonp_enabled ) {
    371374                echo $this->json_error( 'rest_callback_disabled', __( 'JSONP support is disabled on this site.' ), 400 );
     
    373376            }
    374377
    375             $jsonp_callback = $_GET['_jsonp'];
    376378            if ( ! wp_check_jsonp_callback( $jsonp_callback ) ) {
    377379                echo $this->json_error( 'rest_callback_invalid', __( 'Invalid JSONP callback function.' ), 400 );
Note: See TracChangeset for help on using the changeset viewer.