Changeset 59899

Timestamp:

03/02/2025 10:05:08 PM (8 weeks ago)

Author:

TimothyBlynJacobs

Message:

REST API: Improve performance for HEAD requests.

By default, the REST API responds to HEAD rqeuests by calling the GET handler and omitting the body from the response. While convenient, this ends up performing needless work that slows down the API response time.

This commit adjusts the Core controllers to specifically handle HEAD requests by not preparing the response body.

Fixes #56481.
Props antonvlasenko, janusdev, ironprogrammer, swissspidy, spacedmonkey, mukesh27, mamaduka, timothyblynjacobs.

Location:

trunk

Files:

• src/wp-includes/rest-api/class-wp-rest-request.php (modified) (1 diff)
• src/wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php (modified) (2 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-block-pattern-categories-controller.php (modified) (1 diff)
• src/wp-includes/rest-api/endpoints/class-wp-rest-block-types-controller.php (modified) (2 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php (modified) (4 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-font-collections-controller.php (modified) (4 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-revisions-controller.php (modified) (4 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php (modified) (1 diff)
• src/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php (modified) (2 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php (modified) (4 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php (modified) (4 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-search-controller.php (modified) (2 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php (modified) (2 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php (modified) (2 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-template-autosaves-controller.php (modified) (1 diff)
• src/wp-includes/rest-api/endpoints/class-wp-rest-template-revisions-controller.php (modified) (1 diff)
• src/wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php (modified) (2 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php (modified) (3 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php (modified) (3 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-widget-types-controller.php (modified) (2 diffs)
• src/wp-includes/rest-api/endpoints/class-wp-rest-widgets-controller.php (modified) (2 diffs)
• tests/phpunit/tests/fonts/font-library/wpRestFontCollectionsController.php (modified) (7 diffs)
• tests/phpunit/tests/rest-api/rest-autosaves-controller.php (modified) (5 diffs)
• tests/phpunit/tests/rest-api/rest-block-type-controller.php (modified) (5 diffs)
• tests/phpunit/tests/rest-api/rest-categories-controller.php (modified) (5 diffs)
• tests/phpunit/tests/rest-api/rest-comments-controller.php (modified) (17 diffs)
• tests/phpunit/tests/rest-api/rest-global-styles-revisions-controller.php (modified) (22 diffs)
• tests/phpunit/tests/rest-api/rest-pattern-directory-controller.php (modified) (4 diffs)
• tests/phpunit/tests/rest-api/rest-post-types-controller.php (modified) (5 diffs)
• tests/phpunit/tests/rest-api/rest-posts-controller.php (modified) (17 diffs)
• tests/phpunit/tests/rest-api/rest-request.php (modified) (1 diff)
• tests/phpunit/tests/rest-api/rest-revisions-controller.php (modified) (22 diffs)
• tests/phpunit/tests/rest-api/rest-search-controller.php (modified) (7 diffs)
• tests/phpunit/tests/rest-api/rest-sidebars-controller.php (modified) (5 diffs)
• tests/phpunit/tests/rest-api/rest-tags-controller.php (modified) (2 diffs)
• tests/phpunit/tests/rest-api/rest-taxonomies-controller.php (modified) (6 diffs)
• tests/phpunit/tests/rest-api/rest-users-controller.php (modified) (11 diffs)
• tests/phpunit/tests/rest-api/rest-widget-types-controller.php (modified) (7 diffs)
• tests/phpunit/tests/rest-api/rest-widgets-controller.php (modified) (8 diffs)
• tests/phpunit/tests/rest-api/wpRestBlockPatternCategoriesController.php (modified) (1 diff)
• tests/phpunit/tests/rest-api/wpRestTemplateAutosavesController.php (modified) (3 diffs)
• tests/phpunit/tests/rest-api/wpRestTemplateRevisionsController.php (modified) (13 diffs)
• tests/phpunit/tests/rest-api/wpRestTemplatesController.php (modified) (3 diffs)

trunk/src/wp-includes/rest-api/class-wp-rest-request.php

@@ -163 +163 @@
 
     /**
+     * Determines if the request is the given method.
+     *
+     * @since 6.8.0
+     *
+     * @param string $method HTTP method.
+     * @return bool Whether the request is of the given method.
+     */
+    public function is_method( $method ) {
+        return $this->get_method() === strtoupper( $method );
+    }
+
+    /**
      * Canonicalizes the header name.
      *

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php

@@ -306 +306 @@
         }
 
+        if ( $request->is_method( 'HEAD' ) ) {
+            // Return early as this handler doesn't add any response headers.
+            return new WP_REST_Response();
+        }
         $response  = array();
         $parent_id = $parent->ID;
@@ -449 +453 @@
         $post = $item;
 
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php */
+            return apply_filters( 'rest_prepare_autosave', new WP_REST_Response(), $post, $request );
+        }
         $response = $this->revisions_controller->prepare_item_for_response( $post, $request );
         $fields   = $this->get_fields_for_response( $request );

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-block-pattern-categories-controller.php

@@ -82 +82 @@
      */
     public function get_items( $request ) {
+        if ( $request->is_method( 'HEAD' ) ) {
+            // Return early as this handler doesn't add any response headers.
+            return new WP_REST_Response();
+        }
+
         $response   = array();
         $categories = WP_Block_Pattern_Categories_Registry::get_instance()->get_all_registered();

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-block-types-controller.php

@@ -132 +132 @@
      */
     public function get_items( $request ) {
+        if ( $request->is_method( 'HEAD' ) ) {
+            // Return early as this handler doesn't add any response headers.
+            return new WP_REST_Response();
+        }
+
         $data        = array();
         $block_types = $this->block_registry->get_all_registered();
@@ -250 +255 @@
         // Restores the more descriptive, specific name for use within this method.
         $block_type = $item;
+
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-block-types-controller.php */
+            return apply_filters( 'rest_prepare_block_type', new WP_REST_Response(), $block_type, $request );
+        }
 
         $fields = $this->get_fields_for_response( $request );

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

@@ -263 +263 @@
         }
 
+        $is_head_request = $request->is_method( 'HEAD' );
+        if ( $is_head_request ) {
+            // Force the 'fields' argument. For HEAD requests, only post IDs are required to calculate pagination.
+            $prepared_args['fields'] = 'ids';
+            // Disable priming comment meta for HEAD requests to improve performance.
+            $prepared_args['update_comment_meta_cache'] = false;
+        }
+
         /**
          * Filters WP_Comment_Query arguments when querying comments via the REST API.
@@ -278 +286 @@
         $query_result = $query->query( $prepared_args );
 
-        $comments = array();
-
-        foreach ( $query_result as $comment ) {
-            if ( ! $this->check_read_permission( $comment, $request ) ) {
-                continue;
-            }
-
-            $data       = $this->prepare_item_for_response( $comment, $request );
-            $comments[] = $this->prepare_response_for_collection( $data );
+        if ( ! $is_head_request ) {
+            $comments = array();
+
+            foreach ( $query_result as $comment ) {
+                if ( ! $this->check_read_permission( $comment, $request ) ) {
+                    continue;
+                }
+
+                $data       = $this->prepare_item_for_response( $comment, $request );
+                $comments[] = $this->prepare_response_for_collection( $data );
+            }
         }
 
@@ -304 +314 @@
         }
 
-        $response = rest_ensure_response( $comments );
+        $response = $is_head_request ? new WP_REST_Response() : rest_ensure_response( $comments );
         $response->header( 'X-WP-Total', $total_comments );
         $response->header( 'X-WP-TotalPages', $max_pages );
@@ -1041 +1051 @@
         // Restores the more descriptive, specific name for use within this method.
         $comment = $item;
+
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php */
+            return apply_filters( 'rest_prepare_comment', new WP_REST_Response(), $comment, $request );
+        }
 
         $fields = $this->get_fields_for_response( $request );

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-font-collections-controller.php

@@ -90 +90 @@
         $collections_page = array_slice( $collections_all, ( $page - 1 ) * $per_page, $per_page );
 
+        $is_head_request = $request->is_method( 'HEAD' );
+
         $items = array();
         foreach ( $collections_page as $collection ) {
@@ -98 +100 @@
                 continue;
             }
+
+            /*
+             * Skip preparing the response body for HEAD requests.
+             * Cannot exit earlier due to backward compatibility reasons,
+             * as validation occurs in the prepare_item_for_response method.
+             */
+            if ( $is_head_request ) {
+                continue;
+            }
+
             $item    = $this->prepare_response_for_collection( $item );
             $items[] = $item;
         }
 
-        $response = rest_ensure_response( $items );
+        $response = $is_head_request ? new WP_REST_Response() : rest_ensure_response( $items );
 
         $response->header( 'X-WP-Total', (int) $total_items );
@@ -176 +188 @@
             }
 
+            /**
+             * Don't prepare the response body for HEAD requests.
+             * Can't exit at the beginning of the method due to the potential need to return a WP_Error object.
+             */
+            if ( $request->is_method( 'HEAD' ) ) {
+                /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-font-collections-controller.php */
+                return apply_filters( 'rest_prepare_font_collection', new WP_REST_Response(), $item, $request );
+            }
+
             foreach ( $data_fields as $field ) {
                 if ( rest_is_field_included( $field, $fields ) ) {
@@ -181 +202 @@
                 }
             }
+        }
+
+        /**
+         * Don't prepare the response body for HEAD requests.
+         * Can't exit at the beginning of the method due to the potential need to return a WP_Error object.
+         */
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-font-collections-controller.php */
+            return apply_filters( 'rest_prepare_font_collection', new WP_REST_Response(), $item, $request );
         }
 

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-revisions-controller.php

@@ -164 +164 @@
         }
 
+        $is_head_request = $request->is_method( 'HEAD' );
+
         if ( wp_revisions_enabled( $parent ) ) {
             $registered = $this->get_collection_params();
@@ -185 +187 @@
                     $query_args[ $wp_param ] = $request[ $api_param ];
                 }
+            }
+
+            if ( $is_head_request ) {
+                // Force the 'fields' argument. For HEAD requests, only post IDs are required to calculate pagination.
+                $query_args['fields'] = 'ids';
+                // Disable priming post meta for HEAD requests to improve performance.
+                $query_args['update_post_term_cache'] = false;
+                $query_args['update_post_meta_cache'] = false;
             }
 
@@ -229 +239 @@
         }
 
-        $response = array();
-
-        foreach ( $revisions as $revision ) {
-            $data       = $this->prepare_item_for_response( $revision, $request );
-            $response[] = $this->prepare_response_for_collection( $data );
-        }
-
-        $response = rest_ensure_response( $response );
+        if ( ! $is_head_request ) {
+            $response = array();
+
+            foreach ( $revisions as $revision ) {
+                $data       = $this->prepare_item_for_response( $revision, $request );
+                $response[] = $this->prepare_response_for_collection( $data );
+            }
+
+            $response = rest_ensure_response( $response );
+        } else {
+            $response = new WP_REST_Response();
+        }
 
         $response->header( 'X-WP-Total', (int) $total_revisions );
@@ -276 +290 @@
      */
     public function prepare_item_for_response( $post, $request ) {
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            return new WP_REST_Response();
+        }
+
         $parent               = $this->get_parent( $request['parent'] );
         $global_styles_config = $this->get_decoded_global_styles_json( $post->post_content );

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php

@@ -160 +160 @@
 
             return $raw_patterns;
+        }
+
+        if ( $request->is_method( 'HEAD' ) ) {
+            // Return early as this handler doesn't add any response headers.
+            return new WP_REST_Response();
         }
 

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php

@@ -110 +110 @@
      */
     public function get_items( $request ) {
+        if ( $request->is_method( 'HEAD' ) ) {
+            // Return early as this handler doesn't add any response headers.
+            return new WP_REST_Response();
+        }
+
         $data  = array();
         $types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
@@ -178 +183 @@
         // Restores the more descriptive, specific name for use within this method.
         $post_type = $item;
+
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php */
+            return apply_filters( 'rest_prepare_post_type', new WP_REST_Response(), $post_type, $request );
+        }
 
         $taxonomies = wp_list_filter( get_object_taxonomies( $post_type->name, 'objects' ), array( 'show_in_rest' => true ) );

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

@@ -412 +412 @@
         $args['post_type'] = $this->post_type;
 
+        $is_head_request = $request->is_method( 'HEAD' );
+        if ( $is_head_request ) {
+            // Force the 'fields' argument. For HEAD requests, only post IDs are required to calculate pagination.
+            $args['fields'] = 'ids';
+            // Disable priming post meta for HEAD requests to improve performance.
+            $args['update_post_term_cache'] = false;
+            $args['update_post_meta_cache'] = false;
+        }
+
         /**
          * Filters WP_Query arguments when querying posts via the REST API.
@@ -444 +453 @@
         }
 
-        $posts = array();
-
-        update_post_author_caches( $query_result );
-        update_post_parent_caches( $query_result );
-
-        if ( post_type_supports( $this->post_type, 'thumbnail' ) ) {
-            update_post_thumbnail_cache( $posts_query );
-        }
-
-        foreach ( $query_result as $post ) {
-            if ( ! $this->check_read_permission( $post ) ) {
-                continue;
-            }
-
-            $data    = $this->prepare_item_for_response( $post, $request );
-            $posts[] = $this->prepare_response_for_collection( $data );
+        if ( ! $is_head_request ) {
+            $posts = array();
+
+            update_post_author_caches( $query_result );
+            update_post_parent_caches( $query_result );
+
+            if ( post_type_supports( $this->post_type, 'thumbnail' ) ) {
+                update_post_thumbnail_cache( $posts_query );
+            }
+
+            foreach ( $query_result as $post ) {
+                if ( ! $this->check_read_permission( $post ) ) {
+                    continue;
+                }
+
+                $data    = $this->prepare_item_for_response( $post, $request );
+                $posts[] = $this->prepare_response_for_collection( $data );
+            }
         }
 
@@ -489 +500 @@
         }
 
-        $response = rest_ensure_response( $posts );
+        $response = $is_head_request ? new WP_REST_Response() : rest_ensure_response( $posts );
 
         $response->header( 'X-WP-Total', (int) $total_posts );
@@ -1833 +1844 @@
 
         setup_postdata( $post );
+
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */
+            return apply_filters( "rest_prepare_{$this->post_type}", new WP_REST_Response(), $post, $request );
+        }
 
         $fields = $this->get_fields_for_response( $request );

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php

@@ -254 +254 @@
         }
 
+        $is_head_request = $request->is_method( 'HEAD' );
+
         if ( wp_revisions_enabled( $parent ) ) {
             $registered = $this->get_collection_params();
@@ -286 +288 @@
             if ( isset( $args['orderby'] ) && 'date' === $args['orderby'] ) {
                 $args['orderby'] = 'date ID';
+            }
+
+            if ( $is_head_request ) {
+                // Force the 'fields' argument. For HEAD requests, only post IDs are required to calculate pagination.
+                $args['fields'] = 'ids';
+                // Disable priming post meta for HEAD requests to improve performance.
+                $args['update_post_term_cache'] = false;
+                $args['update_post_meta_cache'] = false;
             }
 
@@ -336 +346 @@
         }
 
-        $response = array();
-
-        foreach ( $revisions as $revision ) {
-            $data       = $this->prepare_item_for_response( $revision, $request );
-            $response[] = $this->prepare_response_for_collection( $data );
-        }
-
-        $response = rest_ensure_response( $response );
+        if ( ! $is_head_request ) {
+            $response = array();
+
+            foreach ( $revisions as $revision ) {
+                $data       = $this->prepare_item_for_response( $revision, $request );
+                $response[] = $this->prepare_response_for_collection( $data );
+            }
+
+            $response = rest_ensure_response( $response );
+        } else {
+            $response = new WP_REST_Response();
+        }
 
         $response->header( 'X-WP-Total', (int) $total_revisions );
@@ -574 +588 @@
 
         setup_postdata( $post );
+
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php */
+            return apply_filters( 'rest_prepare_revision', new WP_REST_Response(), $post, $request );
+        }
 
         $fields = $this->get_fields_for_response( $request );

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-search-controller.php

@@ -143 +143 @@
         $ids = $result[ WP_REST_Search_Handler::RESULT_IDS ];
 
-        $results = array();
-
-        foreach ( $ids as $id ) {
-            $data      = $this->prepare_item_for_response( $id, $request );
-            $results[] = $this->prepare_response_for_collection( $data );
+        $is_head_request = $request->is_method( 'HEAD' );
+        if ( ! $is_head_request ) {
+            $results = array();
+
+            foreach ( $ids as $id ) {
+                $data      = $this->prepare_item_for_response( $id, $request );
+                $results[] = $this->prepare_response_for_collection( $data );
+            }
         }
 
@@ -163 +166 @@
         }
 
-        $response = rest_ensure_response( $results );
+        $response = $is_head_request ? new WP_REST_Response() : rest_ensure_response( $results );
         $response->header( 'X-WP-Total', $total );
         $response->header( 'X-WP-TotalPages', $max_pages );

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php

@@ -120 +120 @@
      */
     public function get_items( $request ) {
+        if ( $request->is_method( 'HEAD' ) ) {
+            // Return early as this handler doesn't add any response headers.
+            return new WP_REST_Response();
+        }
+
         $this->retrieve_widgets();
 
@@ -321 +326 @@
         // Restores the more descriptive, specific name for use within this method.
         $raw_sidebar = $item;
+
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-sidebars-controller.php */
+            return apply_filters( 'rest_prepare_sidebar', new WP_REST_Response(), $raw_sidebar, $request );
+        }
 
         $id      = $raw_sidebar['id'];

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php

@@ -114 +114 @@
      */
     public function get_items( $request ) {
+        if ( $request->is_method( 'HEAD' ) ) {
+            // Return early as this handler doesn't add any response headers.
+            return new WP_REST_Response();
+        }
 
         // Retrieve the list of registered collection query parameters.
@@ -210 +214 @@
         // Restores the more descriptive, specific name for use within this method.
         $taxonomy = $item;
+
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php */
+            return apply_filters( 'rest_prepare_taxonomy', new WP_REST_Response(), $taxonomy, $request );
+        }
 
         $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-template-autosaves-controller.php

@@ -176 +176 @@
         $response = $this->parent_controller->prepare_item_for_response( $template, $request );
 
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            return $response;
+        }
+
         $fields = $this->get_fields_for_response( $request );
         $data   = $response->get_data();

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-template-revisions-controller.php

@@ -201 +201 @@
         $response = $this->parent_controller->prepare_item_for_response( $template, $request );
 
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            return $response;
+        }
+
         $fields = $this->get_fields_for_response( $request );
         $data   = $response->get_data();

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php

@@ -270 +270 @@
      */
     public function get_items( $request ) {
+        if ( $request->is_method( 'HEAD' ) ) {
+            // Return early as this handler doesn't add any response headers.
+            return new WP_REST_Response();
+        }
+
         $query = array();
         if ( isset( $request['wp_id'] ) ) {
@@ -669 +674 @@
      */
     public function prepare_item_for_response( $item, $request ) {
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            return new WP_REST_Response();
+        }
+
         /*
          * Resolve pattern blocks so they don't need to be resolved client-side

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php

@@ -313 +313 @@
         }
 
+        $is_head_request = $request->is_method( 'HEAD' );
+        if ( $is_head_request ) {
+            // Force the 'fields' argument. For HEAD requests, only term IDs are required.
+            $prepared_args['fields'] = 'ids';
+            // Disable priming term meta for HEAD requests to improve performance.
+            $prepared_args['update_term_meta_cache'] = false;
+        }
+
         /**
          * Filters get_terms() arguments when querying terms via the REST API.
@@ -355 +363 @@
         }
 
-        $response = array();
-
-        foreach ( $query_result as $term ) {
-            $data       = $this->prepare_item_for_response( $term, $request );
-            $response[] = $this->prepare_response_for_collection( $data );
-        }
-
-        $response = rest_ensure_response( $response );
+        if ( ! $is_head_request ) {
+            $response = array();
+            foreach ( $query_result as $term ) {
+                $data       = $this->prepare_item_for_response( $term, $request );
+                $response[] = $this->prepare_response_for_collection( $data );
+            }
+        }
+
+        $response = $is_head_request ? new WP_REST_Response() : rest_ensure_response( $response );
 
         // Store pagination values for headers.
@@ -887 +896 @@
      */
     public function prepare_item_for_response( $item, $request ) {
+
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */
+            return apply_filters( "rest_prepare_{$this->taxonomy}", new WP_REST_Response(), $item, $request );
+        }
 
         $fields = $this->get_fields_for_response( $request );

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

@@ -356 +356 @@
             $prepared_args['search'] = '*' . $prepared_args['search'] . '*';
         }
+
+        $is_head_request = $request->is_method( 'HEAD' );
+        if ( $is_head_request ) {
+            // Force the 'fields' argument. For HEAD requests, only user IDs are required.
+            $prepared_args['fields'] = 'id';
+        }
         /**
          * Filters WP_User_Query arguments when querying users via the REST API.
@@ -370 +376 @@
         $query = new WP_User_Query( $prepared_args );
 
-        $users = array();
-
-        foreach ( $query->get_results() as $user ) {
-            $data    = $this->prepare_item_for_response( $user, $request );
-            $users[] = $this->prepare_response_for_collection( $data );
-        }
-
-        $response = rest_ensure_response( $users );
+        if ( ! $is_head_request ) {
+            $users = array();
+
+            foreach ( $query->get_results() as $user ) {
+                $data    = $this->prepare_item_for_response( $user, $request );
+                $users[] = $this->prepare_response_for_collection( $data );
+            }
+        }
+
+        $response = $is_head_request ? new WP_REST_Response() : rest_ensure_response( $users );
 
         // Store pagination values for headers then unset for count query.
@@ -1021 +1029 @@
         // Restores the more descriptive, specific name for use within this method.
         $user = $item;
+
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
+            return apply_filters( 'rest_prepare_user', new WP_REST_Response(), $user, $request );
+        }
 
         $fields = $this->get_fields_for_response( $request );

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-widget-types-controller.php

@@ -146 +146 @@
      */
     public function get_items( $request ) {
+        if ( $request->is_method( 'HEAD' ) ) {
+            // Return early as this handler doesn't add any response headers.
+            return new WP_REST_Response();
+        }
+
         $data = array();
         foreach ( $this->get_widgets() as $widget ) {
@@ -298 +303 @@
         // Restores the more descriptive, specific name for use within this method.
         $widget_type = $item;
+
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-widget-types-controller.php */
+            return apply_filters( 'rest_prepare_widget_type', new WP_REST_Response(), $widget_type, $request );
+        }
 
         $fields = $this->get_fields_for_response( $request );

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-widgets-controller.php

@@ -137 +137 @@
      */
     public function get_items( $request ) {
+        if ( $request->is_method( 'HEAD' ) ) {
+            // Return early as this handler doesn't add any response headers.
+            return new WP_REST_Response();
+        }
+
         $this->retrieve_widgets();
 
@@ -679 +684 @@
 
         $widget    = $wp_registered_widgets[ $widget_id ];
+        // Don't prepare the response body for HEAD requests.
+        if ( $request->is_method( 'HEAD' ) ) {
+            /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-widgets-controller.php */
+            return apply_filters( 'rest_prepare_widget', new WP_REST_Response(), $widget, $request );
+        }
+
         $parsed_id = wp_parse_widget_id( $widget_id );
         $fields    = $this->get_fields_for_response( $request );

trunk/tests/phpunit/tests/fonts/font-library/wpRestFontCollectionsController.php

@@ -79 +79 @@
 
     /**
+     * @dataProvider data_readable_http_methods
      * @covers WP_REST_Font_Collections_Controller::get_items
-     */
-    public function test_get_items_should_only_return_valid_collections() {
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_should_only_return_valid_collections( $method ) {
         $this->setExpectedIncorrectUsage( 'WP_Font_Collection::load_from_json' );
 
@@ -93 +97 @@
         );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/font-collections' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/font-collections' );
         $response = rest_get_server()->dispatch( $request );
         $content  = $response->get_data();
@@ -100 +104 @@
 
         $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
-        $this->assertCount( 1, $content, 'The response should only contain valid collections.' );
+        if ( 'HEAD' !== $method ) {
+            $this->assertCount( 1, $content, 'The response should only contain valid collections.' );
+            return null;
+        }
+
+        $this->assertNull( $content, 'The response should be empty.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-WP-Total', $headers, 'The "X-WP-Total" header should be present in the response.' );
+        // Includes non-valid collections.
+        $this->assertSame( 2, $headers['X-WP-Total'], 'The "X-WP-Total" header value should be equal to 1.' );
     }
 
@@ -128 +141 @@
 
     /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        $hook_name = 'rest_prepare_font_collection';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        wp_set_current_user( self::$admin_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/font-collections/mock-col-slug' );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was not called when it should be for GET/HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
      * @covers WP_REST_Font_Collections_Controller::get_item
-     */
-    public function test_get_item_invalid_slug() {
-        wp_set_current_user( self::$admin_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/font-collections/non-existing-collection' );
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_invalid_slug( $method ) {
+        wp_set_current_user( self::$admin_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/font-collections/non-existing-collection' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_font_collection_not_found', $response, 404 );
@@ -138 +203 @@
 
     /**
+     * @dataProvider data_readable_http_methods
      * @covers WP_REST_Font_Collections_Controller::get_item
-     */
-    public function test_get_item_invalid_collection() {
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_invalid_collection( $method ) {
         $this->setExpectedIncorrectUsage( 'WP_Font_Collection::load_from_json' );
 
@@ -153 +222 @@
         );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/font-collections/' . $slug );
+        $request  = new WP_REST_Request( $method, '/wp/v2/font-collections/' . $slug );
         $response = rest_get_server()->dispatch( $request );
 
@@ -162 +231 @@
 
     /**
+     * @dataProvider data_readable_http_methods
      * @covers WP_REST_Font_Collections_Controller::get_item
-     */
-    public function test_get_item_invalid_id_permission() {
-        $request = new WP_REST_Request( 'GET', '/wp/v2/font-collections/mock-col-slug' );
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_invalid_id_permission( $method ) {
+        $request = new WP_REST_Request( $method, '/wp/v2/font-collections/mock-col-slug' );
 
         wp_set_current_user( 0 );

trunk/tests/phpunit/tests/rest-api/rest-autosaves-controller.php

@@ -180 +180 @@
     }
 
-    public function test_get_items_no_permission() {
+    /**
+     * @ticket 56481
+     */
+    public function test_get_items_with_head_request_should_not_prepare_autosaves_data() {
+        $request = new WP_REST_Request( 'HEAD', '/wp/v2/posts/' . self::$post_id . '/autosaves' );
+
+        $hook_name = 'rest_prepare_autosave';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+
+        add_filter( $hook_name, $callback );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+
+        $this->assertNotWPError( $response );
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 0, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_no_permission( $method ) {
         wp_set_current_user( 0 );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/autosaves' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/autosaves' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_read', $response, 401 );
@@ -190 +216 @@
     }
 
-    public function test_get_items_missing_parent() {
-        wp_set_current_user( self::$editor_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER . '/autosaves' );
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_missing_parent( $method ) {
+        wp_set_current_user( self::$editor_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER . '/autosaves' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_parent', $response, 404 );
     }
 
-    public function test_get_items_invalid_parent_post_type() {
-        wp_set_current_user( self::$editor_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$page_id . '/autosaves' );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_invalid_parent_post_type( $method ) {
+        wp_set_current_user( self::$editor_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$page_id . '/autosaves' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_parent', $response, 404 );
@@ -231 +281 @@
     }
 
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        wp_set_current_user( self::$editor_id );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/autosaves/' . self::$autosave_post_id );
+
+        $hook_name = 'rest_prepare_autosave';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was not called when it should be for GET/HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
     public function test_get_item_embed_context() {
         wp_set_current_user( self::$editor_id );
@@ -249 +336 @@
     }
 
-    public function test_get_item_no_permission() {
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/autosaves/' . self::$autosave_post_id );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_no_permission( $method ) {
+        $request = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/autosaves/' . self::$autosave_post_id );
         wp_set_current_user( self::$contributor_id );
         $response = rest_get_server()->dispatch( $request );
@@ -256 +349 @@
     }
 
-    public function test_get_item_missing_parent() {
-        wp_set_current_user( self::$editor_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER . '/autosaves/' . self::$autosave_post_id );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_missing_parent( $method ) {
+        wp_set_current_user( self::$editor_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER . '/autosaves/' . self::$autosave_post_id );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_parent', $response, 404 );
     }
 
-    public function test_get_item_invalid_parent_post_type() {
-        wp_set_current_user( self::$editor_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$page_id . '/autosaves' );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_invalid_parent_post_type( $method ) {
+        wp_set_current_user( self::$editor_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$page_id . '/autosaves' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_parent', $response, 404 );

trunk/tests/phpunit/tests/rest-api/rest-block-type-controller.php

@@ -603 +603 @@
 
     /**
-     * @ticket 47620
-     */
-    public function test_get_items_wrong_permission() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        $block_name = 'fake/test';
+        wp_set_current_user( self::$admin_id );
+
+        $hook_name = 'rest_prepare_block_type';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $request  = new WP_REST_Request( $method, '/wp/v2/block-types/' . $block_name );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
+     * @ticket 56481
+     */
+    public function test_get_items_with_head_request_should_not_prepare_block_type_data() {
+        wp_set_current_user( self::$admin_id );
+        $request  = new WP_REST_Request( 'HEAD', '/wp/v2/block-types' );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 47620
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_wrong_permission( $method ) {
         wp_set_current_user( self::$subscriber_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/block-types' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/block-types' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_block_type_cannot_view', $response, 403 );
@@ -613 +678 @@
 
     /**
-     * @ticket 47620
-     */
-    public function test_get_item_wrong_permission() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 47620
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_item_wrong_permission( $method ) {
         wp_set_current_user( self::$subscriber_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/block-types/fake/test' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/block-types/fake/test' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_block_type_cannot_view', $response, 403 );
@@ -623 +692 @@
 
     /**
-     * @ticket 47620
-     */
-    public function test_get_items_no_permission() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 47620
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_no_permission( $method ) {
         wp_set_current_user( 0 );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/block-types' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/block-types' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_block_type_cannot_view', $response, 401 );
@@ -633 +706 @@
 
     /**
-     * @ticket 47620
-     */
-    public function test_get_item_no_permission() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 47620
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_item_no_permission( $method ) {
         wp_set_current_user( 0 );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/block-types/fake/test' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/block-types/fake/test' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_block_type_cannot_view', $response, 401 );
@@ -643 +720 @@
 
     /**
-     * @ticket 47620
+     * @dataProvider data_readable_http_methods
+     * @ticket 47620
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
      */
     public function test_prepare_item() {

trunk/tests/phpunit/tests/rest-api/rest-categories-controller.php

@@ -577 +577 @@
     }
 
-    public function test_get_terms_invalid_parent_arg() {
-        $request = new WP_REST_Request( 'GET', '/wp/v2/categories' );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_terms_invalid_parent_arg( $method ) {
+        $request = new WP_REST_Request( $method, '/wp/v2/categories' );
         $request->set_param( 'parent', 'invalid-parent' );
         $response = rest_get_server()->dispatch( $request );
@@ -610 +616 @@
     }
 
-    public function test_get_terms_pagination_headers() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_terms_pagination_headers( $method ) {
         $total_categories = self::$total_categories;
         $total_pages      = (int) ceil( $total_categories / 10 );
 
         // Start of the index + Uncategorized default term.
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/categories' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/categories' );
         $response = rest_get_server()->dispatch( $request );
         $headers  = $response->get_headers();
         $this->assertSame( $total_categories, $headers['X-WP-Total'] );
         $this->assertSame( $total_pages, $headers['X-WP-TotalPages'] );
-        $this->assertCount( 10, $response->get_data() );
+        if ( 'HEAD' !== $method ) {
+            $this->assertCount( 10, $response->get_data() );
+        }
         $next_link = add_query_arg(
             array(
@@ -663 +677 @@
         $this->assertSame( $total_categories, $headers['X-WP-Total'] );
         $this->assertSame( $total_pages, $headers['X-WP-TotalPages'] );
-        $this->assertCount( 1, $response->get_data() );
+        if ( 'HEAD' !== $method ) {
+            $this->assertCount( 1, $response->get_data() );
+        }
         $prev_link = add_query_arg(
             array(
@@ -680 +696 @@
         $this->assertSame( $total_categories, $headers['X-WP-Total'] );
         $this->assertSame( $total_pages, $headers['X-WP-TotalPages'] );
-        $this->assertCount( 0, $response->get_data() );
+        if ( 'HEAD' !== $method ) {
+            $this->assertCount( 0, $response->get_data() );
+        }
         $prev_link = add_query_arg(
             array(
@@ -1237 +1255 @@
         $this->check_taxonomy_term( $category, $data, $response->get_links() );
     }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_only_fetches_ids_for_head_requests( $method ) {
+        $is_head_request = 'HEAD' === $method;
+        $request         = new WP_REST_Request( $method, '/wp/v2/categories' );
+
+        $filter = new MockAction();
+
+        add_filter( 'terms_pre_query', array( $filter, 'filter' ), 10, 2 );
+
+        $response = rest_get_server()->dispatch( $request );
+
+        $this->assertSame( 200, $response->get_status() );
+        if ( $is_head_request ) {
+            $this->assertEmpty( $response->get_data() );
+        } else {
+            $this->assertNotEmpty( $response->get_data() );
+        }
+
+        $args = $filter->get_args();
+        $this->assertTrue( isset( $args[0][1] ), 'Query parameters were not captured.' );
+        $this->assertInstanceOf( WP_Term_Query::class, $args[0][1], 'Query parameters were not captured.' );
+
+        /** @var WP_Term_Query $query */
+        $query = $args[0][1];
+
+        if ( $is_head_request ) {
+            $this->assertArrayHasKey( 'fields', $query->query_vars, 'The fields parameter is not set in the query vars.' );
+            $this->assertSame( 'ids', $query->query_vars['fields'], 'The query must fetch only term IDs.' );
+            $this->assertArrayHasKey( 'update_term_meta_cache', $query->query_vars, 'The update_term_meta_cache key is missing in the query vars.' );
+            $this->assertFalse( $query->query_vars['update_term_meta_cache'], 'The update_term_meta_cache value should be false for HEAD requests.' );
+        } else {
+            $this->assertTrue(
+                ! array_key_exists( 'fields', $query->query_vars ) || 'ids' !== $query->query_vars['fields'],
+                'The fields parameter should not be forced to "ids" for non-HEAD requests.'
+            );
+            $this->assertArrayHasKey( 'update_term_meta_cache', $query->query_vars, 'The update_term_meta_cache key is missing in the query vars.' );
+            $this->assertTrue( $query->query_vars['update_term_meta_cache'], 'The update_term_meta_cache value should be true for HEAD requests.' );
+        }
+
+        if ( ! $is_head_request ) {
+            return;
+        }
+
+        global $wpdb;
+        $terms_table = preg_quote( $wpdb->terms, '/' );
+
+        $pattern = '/SELECT\s+t\.term_id.+FROM\s+' . $terms_table . '\s+AS\s+t\s+INNER\s+JOIN/is';
+
+        // Assert that the SQL query only fetches the term_id column.
+        $this->assertMatchesRegularExpression( $pattern, $query->request, 'The SQL query does not match the expected string.' );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        $category_id = self::factory()->category->create();
+
+        $request = new WP_REST_Request( $method, sprintf( '/wp/v2/categories/%d', $category_id ) );
+
+        $hook_name = 'rest_prepare_category';
+
+        $filter   = new MockAction();
+        $callback = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
 }

trunk/tests/phpunit/tests/rest-api/rest-comments-controller.php

@@ -433 +433 @@
     }
 
-    public function test_get_items_no_permission_for_no_post() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_no_permission_for_no_post( $method ) {
         wp_set_current_user( 0 );
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/comments' );
+        $request = new WP_REST_Request( $method, '/wp/v2/comments' );
         $request->set_param( 'post', 0 );
         $response = rest_get_server()->dispatch( $request );
@@ -442 +448 @@
     }
 
-    public function test_get_items_edit_context() {
-        wp_set_current_user( self::$admin_id );
-
-        $request = new WP_REST_Request( 'GET', '/wp/v2/comments' );
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_edit_context( $method ) {
+        wp_set_current_user( self::$admin_id );
+
+        $request = new WP_REST_Request( $method, '/wp/v2/comments' );
         $request->set_param( 'context', 'edit' );
         $response = rest_get_server()->dispatch( $request );
@@ -594 +618 @@
     }
 
-    public function test_get_items_private_post_no_permissions() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_private_post_no_permissions( $method ) {
         wp_set_current_user( 0 );
 
         $post_id = self::factory()->post->create( array( 'post_status' => 'private' ) );
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/comments' );
+        $request = new WP_REST_Request( $method, '/wp/v2/comments' );
         $request->set_param( 'post', $post_id );
         $response = rest_get_server()->dispatch( $request );
@@ -802 +832 @@
     }
 
-    public function test_get_comments_pagination_headers() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_comments_pagination_headers( $method ) {
         $total_comments = self::$total_comments;
         $total_pages    = (int) ceil( $total_comments / 10 );
@@ -809 +845 @@
 
         // Start of the index.
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/comments' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/comments' );
         $response = rest_get_server()->dispatch( $request );
         $headers  = $response->get_headers();
@@ -885 +921 @@
     }
 
-    public function test_get_comments_invalid_date() {
-        $request = new WP_REST_Request( 'GET', '/wp/v2/comments' );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_comments_invalid_date( $method ) {
+        $request = new WP_REST_Request( $method, '/wp/v2/comments' );
         $request->set_param( 'after', 'foo' );
         $request->set_param( 'before', 'bar' );
@@ -998 +1040 @@
     }
 
-    public function test_get_comment_invalid_id() {
-        $request = new WP_REST_Request( 'GET', '/wp/v2/comments/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_comment_invalid_id( $method ) {
+        $request = new WP_REST_Request( $method, '/wp/v2/comments/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER );
 
         $response = rest_get_server()->dispatch( $request );
@@ -1005 +1053 @@
     }
 
-    public function test_get_comment_invalid_context() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_comment_invalid_context( $method ) {
         wp_set_current_user( 0 );
 
-        $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/comments/%s', self::$approved_id ) );
+        $request = new WP_REST_Request( $method, sprintf( '/wp/v2/comments/%s', self::$approved_id ) );
         $request->set_param( 'context', 'edit' );
         $response = rest_get_server()->dispatch( $request );
@@ -1014 +1068 @@
     }
 
-    public function test_get_comment_invalid_post_id() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_comment_invalid_post_id( $method ) {
         wp_set_current_user( 0 );
 
@@ -1024 +1084 @@
         );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/comments/' . $comment_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/comments/' . $comment_id );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_id', $response, 404 );
     }
 
-    public function test_get_comment_invalid_post_id_as_admin() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_comment_invalid_post_id_as_admin( $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -1039 +1105 @@
         );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/comments/' . $comment_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/comments/' . $comment_id );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_id', $response, 404 );
     }
 
-    public function test_get_comment_not_approved() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_comment_not_approved( $method ) {
         wp_set_current_user( 0 );
 
-        $request  = new WP_REST_Request( 'GET', sprintf( '/wp/v2/comments/%d', self::$hold_id ) );
+        $request  = new WP_REST_Request( $method, sprintf( '/wp/v2/comments/%d', self::$hold_id ) );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_read', $response, 401 );
     }
 
-    public function test_get_comment_not_approved_same_user() {
-        wp_set_current_user( self::$admin_id );
-
-        $request  = new WP_REST_Request( 'GET', sprintf( '/wp/v2/comments/%d', self::$hold_id ) );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_comment_not_approved_same_user( $method ) {
+        wp_set_current_user( self::$admin_id );
+
+        $request  = new WP_REST_Request( $method, sprintf( '/wp/v2/comments/%d', self::$hold_id ) );
         $response = rest_get_server()->dispatch( $request );
         $this->assertSame( 200, $response->get_status() );
@@ -1099 +1177 @@
     }
 
-    public function test_get_comment_with_password_without_edit_post_permission() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_comment_with_password_without_edit_post_permission( $method ) {
         wp_set_current_user( self::$subscriber_id );
 
@@ -1109 +1193 @@
         $password_comment = self::factory()->comment->create( $args );
 
-        $request  = new WP_REST_Request( 'GET', sprintf( '/wp/v2/comments/%s', $password_comment ) );
+        $request  = new WP_REST_Request( $method, sprintf( '/wp/v2/comments/%s', $password_comment ) );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_read', $response, 403 );
@@ -1115 +1199 @@
 
     /**
+     * @dataProvider data_readable_http_methods
      * @ticket 38692
-     */
-    public function test_get_comment_with_password_with_valid_password() {
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_comment_with_password_with_valid_password( $method ) {
         wp_set_current_user( self::$subscriber_id );
 
@@ -1127 +1215 @@
         $password_comment = self::factory()->comment->create( $args );
 
-        $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/comments/%s', $password_comment ) );
+        $request = new WP_REST_Request( $method, sprintf( '/wp/v2/comments/%s', $password_comment ) );
         $request->set_param( 'password', 'toomanysecrets' );
 
@@ -3366 +3454 @@
 
     /**
+     * @dataProvider data_readable_http_methods
      * @ticket 42238
-     */
-    public function test_check_read_post_permission_with_invalid_post_type() {
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_check_read_post_permission_with_invalid_post_type( $method ) {
         register_post_type(
             'bug-post',
@@ -3387 +3479 @@
 
         wp_set_current_user( self::$admin_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/comments/' . $comment_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/comments/' . $comment_id );
         $response = rest_get_server()->dispatch( $request );
         $this->assertSame( 403, $response->get_status() );
     }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_only_fetches_ids_for_head_requests( $method ) {
+        $is_head_request = 'HEAD' === $method;
+        $request         = new WP_REST_Request( $method, '/wp/v2/comments' );
+
+        $filter = new MockAction();
+
+        add_filter( 'comments_pre_query', array( $filter, 'filter' ), 10, 2 );
+
+        $response = rest_get_server()->dispatch( $request );
+
+        $this->assertSame( 200, $response->get_status() );
+        if ( $is_head_request ) {
+            $this->assertEmpty( $response->get_data() );
+        } else {
+            $this->assertNotEmpty( $response->get_data() );
+        }
+
+        $args = $filter->get_args();
+        $this->assertTrue( isset( $args[0][1] ), 'Query parameters were not captured.' );
+        $this->assertInstanceOf( WP_Comment_Query::class, $args[0][1], 'Query parameters were not captured.' );
+
+        /** @var WP_Comment_Query $query */
+        $query = $args[0][1];
+
+        if ( $is_head_request ) {
+            $this->assertArrayHasKey( 'fields', $query->query_vars, 'The fields parameter is not set in the query vars.' );
+            $this->assertSame( 'ids', $query->query_vars['fields'], 'The query must fetch only post IDs.' );
+            $this->assertArrayHasKey( 'update_comment_meta_cache', $query->query_vars, 'The update_comment_meta_cache key is missing in the query vars.' );
+            $this->assertFalse( $query->query_vars['update_comment_meta_cache'], 'The update_comment_meta_cache value should be false for HEAD requests.' );
+        } else {
+            $this->assertTrue( ! array_key_exists( 'fields', $query->query_vars ) || 'ids' !== $query->query_vars['fields'], 'The fields parameter should not be forced to "ids" for non-HEAD requests.' );
+            $this->assertArrayHasKey( 'update_comment_meta_cache', $query->query_vars, 'The update_comment_meta_cache key is missing in the query vars.' );
+            $this->assertTrue( $query->query_vars['update_comment_meta_cache'], 'The update_comment_meta_cache value should be true for non-HEAD requests.' );
+            return;
+        }
+
+        global $wpdb;
+        $comments_table = preg_quote( $wpdb->comments, '/' );
+        $pattern        = '/^SELECT\s+SQL_CALC_FOUND_ROWS\s+' . $comments_table . '\.comment_ID\s+FROM\s+' . $comments_table . '\s+WHERE/i';
+
+        // Assert that the SQL query only fetches the ID column.
+        $this->assertMatchesRegularExpression( $pattern, $query->request, 'The SQL query does not match the expected string.' );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        $request = new WP_REST_Request( $method, sprintf( '/wp/v2/comments/%d', self::$approved_id ) );
+
+        $hook_name = 'rest_prepare_comment';
+
+        $filter   = new MockAction();
+        $callback = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $headers = $response->get_headers();
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
 }

trunk/tests/phpunit/tests/rest-api/rest-global-styles-revisions-controller.php

@@ -246 +246 @@
 
     /**
-     * @ticket 58524
-     *
-     * @covers WP_REST_Global_Styles_Controller::get_items
-     */
-    public function test_get_items_missing_parent() {
-        wp_set_current_user( self::$admin_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER . '/revisions' );
+     * @dataProvider data_readable_http_methods
+     * @ticket 58524
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::get_items
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_missing_parent( $method ) {
+        wp_set_current_user( self::$admin_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/global-styles/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER . '/revisions' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_parent', $response, 404 );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
     }
 
@@ -312 +328 @@
 
     /**
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::prepare_item_for_response
+     */
+    public function test_get_items_should_return_no_response_body_for_head_requests() {
+        wp_set_current_user( self::$admin_id );
+        $request  = new WP_REST_Request( 'HEAD', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertSame( 200, $response->get_status(), 'Response status is 200.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
      * @ticket 59810
      *
@@ -328 +357 @@
 
     /**
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::get_item
+     * @covers WP_REST_Global_Styles_Controller::prepare_item_for_response
+     */
+    public function test_get_item_should_return_no_response_body_for_head_requests() {
+        wp_set_current_user( self::$admin_id );
+        $request  = new WP_REST_Request( 'HEAD', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions/' . $this->revision_1_id );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertSame( 200, $response->get_status(), 'Response status is 200.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
      * @ticket 59810
+     * @ticket 56481
      *
      * @covers WP_REST_Global_Styles_Controller::get_revision
-     */
-    public function test_get_item_invalid_revision_id_should_error() {
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_invalid_revision_id_should_error( $method ) {
         wp_set_current_user( self::$admin_id );
 
         $expected_error  = 'rest_post_invalid_id';
         $expected_status = 404;
-        $request         = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions/20000001' );
+        $request         = new WP_REST_Request( $method, '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions/20000001' );
         $response        = rest_get_server()->dispatch( $request );
 
@@ -420 +467 @@
 
     /**
+     * @dataProvider data_readable_http_methods
      * @ticket 58524
      * @ticket 60131
+     * @ticket 56481
      *
      * @covers WP_REST_Global_Styles_Controller::get_item_permissions_check
-     */
-    public function test_get_item_permissions_check() {
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_permissions_check( $method ) {
         wp_set_current_user( self::$author_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
         $response = rest_get_server()->dispatch( $request );
 
@@ -436 +487 @@
      * Tests the pagination header of the first page.
      *
-     * Duplicate of WP_Test_REST_Revisions_Controller::test_get_items_pagination_header_of_the_first_page
-     *
-     * @ticket 58524
-     *
-     * @covers WP_REST_Global_Styles_Controller::get_items
-     */
-    public function test_get_items_pagination_header_of_the_first_page() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 58524
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::get_items
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_pagination_header_of_the_first_page( $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -450 +503 @@
         $page        = 1;  // First page.
 
-        $request = new WP_REST_Request( 'GET', $rest_route );
+        $request = new WP_REST_Request( $method, $rest_route );
         $request->set_query_params(
             array(
@@ -477 +530 @@
      * Duplicate of WP_Test_REST_Revisions_Controller::test_get_items_pagination_header_of_the_last_page
      *
-     * @ticket 58524
-     *
-     * @covers WP_REST_Global_Styles_Controller::get_items
-     */
-    public function test_get_items_pagination_header_of_the_last_page() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 58524
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::get_items
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_pagination_header_of_the_last_page( $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -489 +546 @@
         $page        = 2;  // Last page.
 
-        $request = new WP_REST_Request( 'GET', $rest_route );
+        $request = new WP_REST_Request( $method, $rest_route );
         $request->set_query_params(
             array(
@@ -515 +572 @@
      * Duplicate of WP_Test_REST_Revisions_Controller::test_get_items_invalid_per_page_should_error
      *
-     * @ticket 58524
-     *
-     * @covers WP_REST_Global_Styles_Controller::get_items
-     */
-    public function test_get_items_invalid_per_page_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 58524
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::get_items
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_invalid_per_page_should_error( $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -526 +587 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
         $request->set_param( 'per_page', $per_page );
         $response = rest_get_server()->dispatch( $request );
@@ -537 +598 @@
      * Duplicate of WP_Test_REST_Revisions_Controller::test_get_items_out_of_bounds_page_should_error
      *
-     * @ticket 58524
-     *
-     * @covers WP_REST_Global_Styles_Controller::get_items
-     */
-    public function test_get_items_out_of_bounds_page_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 58524
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::get_items
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_out_of_bounds_page_should_error( $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -550 +615 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
         $request->set_query_params(
             array(
@@ -566 +631 @@
      * Duplicate of WP_Test_REST_Revisions_Controller::test_get_items_invalid_max_pages_should_error
      *
-     * @ticket 58524
-     *
-     * @covers WP_REST_Global_Styles_Controller::get_items
-     */
-    public function test_get_items_invalid_max_pages_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 58524
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::get_items
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_invalid_max_pages_should_error( $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -578 +647 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
         $request->set_query_params(
             array(
@@ -690 +759 @@
      * Duplicate of WP_Test_REST_Revisions_Controller::test_get_items_total_revisions_offset_should_return_empty_data
      *
-     * @ticket 58524
-     *
-     * @covers WP_REST_Global_Styles_Controller::get_items
-     */
-    public function test_get_items_total_revisions_offset_should_return_empty_data() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 58524
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::get_items
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_total_revisions_offset_should_return_empty_data( $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -702 +775 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
         $request->set_query_params(
             array(
@@ -718 +791 @@
      * Duplicate of WP_Test_REST_Revisions_Controller::test_get_items_out_of_bound_offset_should_error
      *
-     * @ticket 58524
-     *
-     * @covers WP_REST_Global_Styles_Controller::get_items
-     */
-    public function test_get_items_out_of_bound_offset_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 58524
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::get_items
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_out_of_bound_offset_should_error( $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -730 +807 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
         $request->set_query_params(
             array(
@@ -746 +823 @@
      * Duplicate of WP_Test_REST_Revisions_Controller::test_get_items_impossible_high_number_offset_should_error
      *
-     * @ticket 58524
-     *
-     * @covers WP_REST_Global_Styles_Controller::get_items
-     */
-    public function test_get_items_impossible_high_number_offset_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 58524
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::get_items
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_impossible_high_number_offset_should_error( $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -758 +839 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
         $request->set_query_params(
             array(
@@ -774 +855 @@
      * Duplicate of WP_Test_REST_Revisions_Controller::test_get_items_invalid_offset_should_error
      *
-     * @ticket 58524
-     *
-     * @covers WP_REST_Global_Styles_Controller::get_items
-     */
-    public function test_get_items_invalid_offset_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 58524
+     * @ticket 56481
+     *
+     * @covers WP_REST_Global_Styles_Controller::get_items
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_invalid_offset_should_error( $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -786 +871 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/global-styles/' . self::$global_styles_id . '/revisions' );
         $request->set_query_params(
             array(

trunk/tests/phpunit/tests/rest-api/rest-pattern-directory-controller.php

@@ -146 +146 @@
 
     /**
+     * @ticket 56481
+     */
+    public function test_get_items_with_head_request_should_not_prepare_block_patterns_data() {
+        wp_set_current_user( self::$contributor_id );
+        self::mock_successful_response( 'browse-all', true );
+
+        $request = new WP_REST_Request( 'HEAD', '/wp/v2/pattern-directory/patterns' );
+
+        $hook_name = 'rest_prepare_block_pattern';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+
+        add_filter( $hook_name, $callback );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+
+        $this->assertNotWPError( $response );
+        $response = rest_ensure_response( $response );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+
+        $this->assertSame( 0, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
      * @covers WP_REST_Pattern_Directory_Controller::get_items
      *
@@ -220 +246 @@
 
     /**
-     * @covers WP_REST_Pattern_Directory_Controller::get_items
-     *
-     * @since 5.8.0
-     */
-    public function test_get_items_wdotorg_unavailable() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @covers WP_REST_Pattern_Directory_Controller::get_items
+     *
+     * @since 5.8.0
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_wdotorg_unavailable( $method ) {
         wp_set_current_user( self::$contributor_id );
         self::prevent_requests_to_host( 'api.wordpress.org' );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/pattern-directory/patterns' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/pattern-directory/patterns' );
         $response = rest_do_request( $request );
 
@@ -235 +266 @@
 
     /**
-     * @covers WP_REST_Pattern_Directory_Controller::get_items
-     *
-     * @since 5.8.0
-     */
-    public function test_get_items_logged_out() {
-        $request = new WP_REST_Request( 'GET', '/wp/v2/pattern-directory/patterns' );
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @covers WP_REST_Pattern_Directory_Controller::get_items
+     *
+     * @since 5.8.0
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_logged_out( $method ) {
+        $request = new WP_REST_Request( $method, '/wp/v2/pattern-directory/patterns' );
         $request->set_query_params( array( 'search' => 'button' ) );
         $response = rest_do_request( $request );
@@ -284 +332 @@
 
     /**
-     * @covers WP_REST_Pattern_Directory_Controller::get_items
-     *
-     * @since 5.8.0
-     */
-    public function test_get_items_invalid_response_data() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @covers WP_REST_Pattern_Directory_Controller::get_items
+     *
+     * @since 5.8.0
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_invalid_response_data( $method ) {
         wp_set_current_user( self::$contributor_id );
         self::mock_successful_response( 'invalid-data', true );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/pattern-directory/patterns' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/pattern-directory/patterns' );
         $response = rest_do_request( $request );
 

trunk/tests/phpunit/tests/rest-api/rest-post-types-controller.php

@@ -45 +45 @@
     }
 
-    public function test_get_items_invalid_permission_for_context() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_invalid_permission_for_context( $method ) {
         wp_set_current_user( 0 );
-        $request = new WP_REST_Request( 'GET', '/wp/v2/types' );
+        $request = new WP_REST_Request( $method, '/wp/v2/types' );
         $request->set_param( 'context', 'edit' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_view', $response, 401 );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
     }
 
@@ -59 +77 @@
         $data = $response->get_data();
         $this->assertSame( array( 'category', 'post_tag' ), $data['taxonomies'] );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        $request = new WP_REST_Request( $method, '/wp/v2/types/post' );
+
+        $hook_name = 'rest_prepare_post_type';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
     }
 
@@ -107 +161 @@
     }
 
-    public function test_get_item_invalid_type() {
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/types/invalid' );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_item_invalid_type( $method ) {
+        $request  = new WP_REST_Request( $method, '/wp/v2/types/invalid' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_type_invalid', $response, 404 );
@@ -122 +182 @@
     }
 
-    public function test_get_item_invalid_permission_for_context() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_item_invalid_permission_for_context( $method ) {
         wp_set_current_user( 0 );
-        $request = new WP_REST_Request( 'GET', '/wp/v2/types/post' );
+        $request = new WP_REST_Request( $method, '/wp/v2/types/post' );
         $request->set_param( 'context', 'edit' );
         $response = rest_get_server()->dispatch( $request );
@@ -244 +310 @@
     public function additional_field_get_callback( $response_data ) {
         return 123;
+    }
+
+    /**
+     * @ticket 56481
+     */
+    public function test_get_items_with_head_request_should_not_prepare_post_types_data() {
+        $request   = new WP_REST_Request( 'HEAD', '/wp/v2/types' );
+        $hook_name = 'rest_prepare_post_type';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 0, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
     }
 

trunk/tests/phpunit/tests/rest-api/rest-posts-controller.php

@@ -275 +275 @@
 
     /**
+     * @ticket 56481
+     */
+    public function test_get_items_with_head_request_should_not_prepare_post_data() {
+        $request = new WP_REST_Request( 'HEAD', '/wp/v2/posts' );
+
+        $hook_name = 'rest_prepare_post';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+
+        add_filter( $hook_name, $callback );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+
+        $this->assertNotWPError( $response );
+        $response = rest_ensure_response( $response );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+
+        $headers = $response->get_headers();
+        $this->assertSame( 0, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $this->assertArrayHasKey( 'Link', $headers, 'The "Link" header should be present in the response.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
      * A valid query that returns 0 results should return an empty JSON list.
+     * In case of a HEAD request, the response should not contain a body.
      *
+     * @dataProvider data_readable_http_methods
      * @link https://github.com/WP-API/WP-API/issues/862
-     */
-    public function test_get_items_empty_query() {
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+     * @ticket 56481
+     *
+     * @covers WP_REST_Posts_Controller::get_items
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_empty_query( $method ) {
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_query_params(
             array(
@@ -288 +320 @@
         $response = rest_get_server()->dispatch( $request );
 
-        $this->assertEmpty( $response->get_data() );
-        $this->assertSame( 200, $response->get_status() );
-    }
-
-    public function test_get_items_author_query() {
+        if ( $request->is_method( 'HEAD' ) ) {
+            $this->assertNull( $response->get_data(), 'Failed asserting that response data is null for HEAD request.' );
+        } else {
+            $this->assertSame( array(), $response->get_data(), 'Failed asserting that response data is an empty array for GET request.' );
+        }
+
+        $headers = $response->get_headers();
+        $this->assertSame( 0, $headers['X-WP-Total'], 'Failed asserting that X-WP-Total header is 0.' );
+        $this->assertSame( 0, $headers['X-WP-TotalPages'], 'Failed asserting that X-WP-TotalPages header is 0.' );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_author_query( $method ) {
         self::factory()->post->create( array( 'post_author' => self::$editor_id ) );
         self::factory()->post->create( array( 'post_author' => self::$author_id ) );
@@ -299 +344 @@
 
         // All posts in the database.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_param( 'per_page', self::$per_page );
         $response = rest_get_server()->dispatch( $request );
         $this->assertSame( 200, $response->get_status() );
-        $this->assertCount( $total_posts, $response->get_data() );
+        if ( $request->is_method( 'get' ) ) {
+            $this->assertCount( $total_posts, $response->get_data() );
+
+        } else {
+            $this->assertNull( $response->get_data(), 'Failed asserting that response data is null for HEAD request.' );
+            $headers = $response->get_headers();
+            $this->assertSame( $total_posts, $headers['X-WP-Total'] );
+        }
 
         // Limit to editor and author.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_param( 'author', array( self::$editor_id, self::$author_id ) );
         $response = rest_get_server()->dispatch( $request );
         $this->assertSame( 200, $response->get_status() );
         $data = $response->get_data();
-        $this->assertCount( 2, $data );
-        $this->assertSameSets( array( self::$editor_id, self::$author_id ), wp_list_pluck( $data, 'author' ) );
+        if ( $request->is_method( 'get' ) ) {
+            $this->assertCount( 2, $data );
+            $this->assertSameSets( array( self::$editor_id, self::$author_id ), wp_list_pluck( $data, 'author' ) );
+        } else {
+            $this->assertNull( $data, 'Failed asserting that response data is null for HEAD request.' );
+            $headers = $response->get_headers();
+            $this->assertSame( 2, $headers['X-WP-Total'], 'Failed asserting that X-WP-Total header is 2.' );
+        }
 
         // Limit to editor.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_param( 'author', self::$editor_id );
         $response = rest_get_server()->dispatch( $request );
         $this->assertSame( 200, $response->get_status() );
         $data = $response->get_data();
-        $this->assertCount( 1, $data );
-        $this->assertSame( self::$editor_id, $data[0]['author'] );
-    }
-
-    public function test_get_items_author_exclude_query() {
+        if ( $request->is_method( 'get' ) ) {
+            $this->assertCount( 1, $data );
+            $this->assertSame( self::$editor_id, $data[0]['author'] );
+        } else {
+            $this->assertNull( $data, 'Failed asserting that response data is null for HEAD request.' );
+            $headers = $response->get_headers();
+            $this->assertSame( 1, $headers['X-WP-Total'], 'Failed asserting that X-WP-Total header is 1.' );
+        }
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_author_exclude_query( $method ) {
         self::factory()->post->create( array( 'post_author' => self::$editor_id ) );
         self::factory()->post->create( array( 'post_author' => self::$author_id ) );
@@ -331 +401 @@
 
         // All posts in the database.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_param( 'per_page', self::$per_page );
         $response = rest_get_server()->dispatch( $request );
         $this->assertSame( 200, $response->get_status() );
-        $this->assertCount( $total_posts, $response->get_data() );
+        if ( $request->is_method( 'get' ) ) {
+            $this->assertCount( $total_posts, $response->get_data() );
+        } else {
+            $this->assertNull( $response->get_data(), 'Failed asserting that response data is null for HEAD request.' );
+            $headers = $response->get_headers();
+            $this->assertSame( $total_posts, $headers['X-WP-Total'], 'Failed asserting that the number of posts is correct.' );
+        }
 
         // Exclude editor and author.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_param( 'per_page', self::$per_page );
         $request->set_param( 'author_exclude', array( self::$editor_id, self::$author_id ) );
@@ -344 +420 @@
         $this->assertSame( 200, $response->get_status() );
         $data = $response->get_data();
-        $this->assertCount( $total_posts - 2, $data );
-        $this->assertNotEquals( self::$editor_id, $data[0]['author'] );
-        $this->assertNotEquals( self::$author_id, $data[0]['author'] );
+        if ( $request->is_method( 'get' ) ) {
+            $this->assertCount( $total_posts - 2, $data );
+            $this->assertNotEquals( self::$editor_id, $data[0]['author'] );
+            $this->assertNotEquals( self::$author_id, $data[0]['author'] );
+        } else {
+            $this->assertNull( $response->get_data(), 'Failed asserting that response data is null for HEAD request.' );
+            $headers = $response->get_headers();
+            $this->assertSame( $total_posts - 2, $headers['X-WP-Total'], 'Failed asserting that the number of posts is correct.' );
+        }
 
         // Exclude editor.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_param( 'per_page', self::$per_page );
         $request->set_param( 'author_exclude', self::$editor_id );
@@ -355 +437 @@
         $this->assertSame( 200, $response->get_status() );
         $data = $response->get_data();
-        $this->assertCount( $total_posts - 1, $data );
-        $this->assertNotEquals( self::$editor_id, $data[0]['author'] );
-        $this->assertNotEquals( self::$editor_id, $data[1]['author'] );
+        if ( $request->is_method( 'get' ) ) {
+            $this->assertCount( $total_posts - 1, $data );
+            $this->assertNotEquals( self::$editor_id, $data[0]['author'] );
+            $this->assertNotEquals( self::$editor_id, $data[1]['author'] );
+        } else {
+            $this->assertNull( $response->get_data(), 'Failed asserting that response data is null for HEAD request.' );
+            $headers = $response->get_headers();
+            $this->assertSame( $total_posts - 1, $headers['X-WP-Total'], 'Failed asserting that the number of posts is correct.' );
+        }
 
         // Invalid 'author_exclude' should error.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_param( 'author_exclude', 'invalid' );
         $response = rest_get_server()->dispatch( $request );
@@ -366 +454 @@
     }
 
-    public function test_get_items_include_query() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_include_query( $method ) {
         $id1 = self::factory()->post->create(
             array(
@@ -380 +474 @@
         );
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
 
         // Order defaults to date descending.
@@ -386 +480 @@
         $response = rest_get_server()->dispatch( $request );
         $data     = $response->get_data();
-        $this->assertCount( 2, $data );
-        $this->assertSame( $id2, $data[0]['id'] );
+        if ( $request->is_method( 'get' ) ) {
+            $this->assertCount( 2, $data );
+            $this->assertSame( $id2, $data[0]['id'] );
+        } else {
+            $this->assertNull( $data, 'Failed asserting that response data is null for HEAD request.' );
+            $headers = $response->get_headers();
+            $this->assertSame( 2, $headers['X-WP-Total'], 'Failed asserting that the number of posts is correct.' );
+        }
+
         $this->assertPostsOrderedBy( '{posts}.post_date DESC' );
 
@@ -394 +495 @@
         $response = rest_get_server()->dispatch( $request );
         $data     = $response->get_data();
-        $this->assertCount( 2, $data );
-        $this->assertSame( $id1, $data[0]['id'] );
+        if ( $request->is_method( 'get' ) ) {
+            $this->assertCount( 2, $data );
+            $this->assertSame( $id1, $data[0]['id'] );
+        } else {
+            $this->assertNull( $data, 'Failed asserting that response data is null for HEAD request.' );
+            $headers = $response->get_headers();
+            $this->assertSame( 2, $headers['X-WP-Total'], 'Failed asserting that the number of posts is correct.' );
+        }
+
         $this->assertPostsOrderedBy( "FIELD({posts}.ID,$id1,$id2)" );
 
         // Invalid 'include' should error.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_param( 'include', 'invalid' );
         $response = rest_get_server()->dispatch( $request );
@@ -1730 +1838 @@
     }
 
-    public function test_get_items_pagination_headers() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_pagination_headers( $method ) {
         $total_posts = self::$total_posts;
         $total_pages = (int) ceil( $total_posts / 10 );
 
         // Start of the index.
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts' );
         $response = rest_get_server()->dispatch( $request );
         $headers  = $response->get_headers();
@@ -1753 +1867 @@
         ++$total_posts;
         ++$total_pages;
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_param( 'page', 3 );
         $response = rest_get_server()->dispatch( $request );
@@ -1775 +1889 @@
 
         // Last page.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_param( 'page', $total_pages );
         $response = rest_get_server()->dispatch( $request );
@@ -1791 +1905 @@
 
         // Out of bounds.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_param( 'page', 100 );
         $response = rest_get_server()->dispatch( $request );
@@ -1799 +1913 @@
         // With query params.
         $total_pages = (int) ceil( $total_posts / 5 );
-        $request     = new WP_REST_Request( 'GET', '/wp/v2/posts' );
+        $request     = new WP_REST_Request( $method, '/wp/v2/posts' );
         $request->set_query_params(
             array(
@@ -1826 +1940 @@
         );
         $this->assertStringContainsString( '<' . $next_link . '>; rel="next"', $headers['Link'] );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_only_fetches_ids_for_head_requests( $method ) {
+        $is_head_request = 'HEAD' === $method;
+        $request         = new WP_REST_Request( $method, '/wp/v2/posts' );
+
+        $filter = new MockAction();
+
+        add_filter( 'posts_pre_query', array( $filter, 'filter' ), 10, 2 );
+
+        $response = rest_get_server()->dispatch( $request );
+
+        $this->assertSame( 200, $response->get_status() );
+        if ( $is_head_request ) {
+            $this->assertEmpty( $response->get_data() );
+        } else {
+            $this->assertNotEmpty( $response->get_data() );
+        }
+
+        $args = $filter->get_args();
+        $this->assertTrue( isset( $args[0][1] ), 'Query parameters were not captured.' );
+        $this->assertInstanceOf( WP_Query::class, $args[0][1], 'Query parameters were not captured.' );
+
+        /** @var WP_Query $query */
+        $query = $args[0][1];
+
+        if ( $is_head_request ) {
+            $this->assertArrayHasKey( 'fields', $query->query, 'The fields parameter is not set in the query vars.' );
+            $this->assertSame( 'ids', $query->query['fields'], 'The query must fetch only post IDs.' );
+            $this->assertArrayHasKey( 'fields', $query->query_vars, 'The fields parameter is not set in the query vars.' );
+            $this->assertSame( 'ids', $query->query_vars['fields'], 'The query must fetch only post IDs.' );
+            $this->assertArrayHasKey( 'update_post_term_cache', $query->query_vars, 'The "update_post_term_cache" parameter is missing in the query vars.' );
+            $this->assertFalse( $query->query_vars['update_post_term_cache'], 'The "update_post_term_cache" parameter must be false for HEAD requests.' );
+            $this->assertArrayHasKey( 'update_post_meta_cache', $query->query_vars, 'The "update_post_meta_cache" parameter is missing in the query vars.' );
+            $this->assertFalse( $query->query_vars['update_post_meta_cache'], 'The "update_post_meta_cache" parameter must be false for HEAD requests.' );
+        } else {
+            $this->assertTrue( ! array_key_exists( 'fields', $query->query ) || 'ids' !== $query->query['fields'], 'The fields parameter should not be forced to "ids" for non-HEAD requests.' );
+            $this->assertTrue( ! array_key_exists( 'fields', $query->query_vars ) || 'ids' !== $query->query_vars['fields'], 'The fields parameter should not be forced to "ids" for non-HEAD requests.' );
+            $this->assertArrayHasKey( 'update_post_term_cache', $query->query_vars, 'The "update_post_term_cache" parameter is missing in the query vars.' );
+            $this->assertTrue( $query->query_vars['update_post_term_cache'], 'The "update_post_term_cache" parameter must be true for non-HEAD requests.' );
+            $this->assertArrayHasKey( 'update_post_meta_cache', $query->query_vars, 'The "update_post_meta_cache" parameter is missing in the query vars.' );
+            $this->assertTrue( $query->query_vars['update_post_meta_cache'], 'The "update_post_meta_cache" parameter must be true for non-HEAD requests.' );
+        }
+
+        if ( ! $is_head_request ) {
+            return;
+        }
+
+        global $wpdb;
+        $posts_table = preg_quote( $wpdb->posts, '/' );
+        $pattern     = '/^SELECT\s+SQL_CALC_FOUND_ROWS\s+' . $posts_table . '\.ID\s+FROM\s+' . $posts_table . '\s+WHERE/i';
+
+        // Assert that the SQL query only fetches the ID column.
+        $this->assertMatchesRegularExpression( $pattern, $query->request, 'The SQL query does not match the expected string.' );
     }
 
@@ -1972 +2158 @@
 
         $this->check_get_post_response( $response, 'view' );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        $request = new WP_REST_Request( $method, sprintf( '/wp/v2/posts/%d', self::$post_id ) );
+
+        $hook_name = 'rest_prepare_' . get_post_type( self::$post_id );
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was not called when it should be for GET/HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'Link', $headers, 'The "Link" header should be present in the response.' );
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
     }
 

trunk/tests/phpunit/tests/rest-api/rest-request.php

@@ -1082 +1082 @@
         $this->assertSame( 'rest_invalid_param', $valid->get_error_code() );
     }
+
+    /**
+     * Tests that WP_REST_Request::is_method() correctly detects the request method,
+     * regardless of case sensitivity.
+     *
+     * @dataProvider data_is_method_should_detect_method_ignoring_case
+     * @ticket 56481
+     *
+     * @param string $method       The expected HTTP method of the request.
+     * @param string $input_method The HTTP method to check against.
+     * @param bool   $expected     The expected result of the is_method() check.
+     */
+    public function test_is_method_should_detect_method_ignoring_case( $method, $input_method, $expected ) {
+        $request = new WP_REST_Request();
+        $request->set_method( $method );
+        $result = $request->is_method( $input_method );
+
+        $this->assertSame( $expected, $result, 'Failed asserting that the WP_REST_Request::is_method() method correctly detects the request method.' );
+    }
+
+    /**
+     * Provides test cases for verifying HTTP method comparison is case-insensitive.
+     *
+     * @return array
+     */
+    public function data_is_method_should_detect_method_ignoring_case() {
+        return array(
+            // GET.
+            'GET same case'          => array( 'GET', 'GET', true ),
+            'GET different case'     => array( 'GET', 'get', true ),
+            'GET different case #2'  => array( 'GET', 'get', true ),
+            'GET different case #3'  => array( 'GET', 'gEt', true ),
+            'GET wrong method'       => array( 'GET', 'POST', false ),
+            // POST.
+            'POST same case'         => array( 'POST', 'POST', true ),
+            'POST different case'    => array( 'POST', 'post', true ),
+            'POST different case #2' => array( 'POST', 'pOsT', true ),
+            'POST wrong method'      => array( 'POST', 'GET', false ),
+            // HEAD.
+            'HEAD same case'         => array( 'HEAD', 'HEAD', true ),
+            'HEAD different case'    => array( 'HEAD', 'head', true ),
+            'HEAD different case #2' => array( 'HEAD', 'HeAd', true ),
+            'HEAD wrong method'      => array( 'HEAD', 'GET', false ),
+        );
+    }
 }

trunk/tests/phpunit/tests/rest-api/rest-revisions-controller.php

@@ -163 +163 @@
     }
 
-    public function test_get_items_no_permission() {
+    /**
+     * @ticket 56481
+     */
+    public function test_get_items_with_head_request_should_not_prepare_revisions_data() {
+        wp_set_current_user( self::$editor_id );
+
+        $hook_name = 'rest_prepare_revision';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+
+        add_filter( $hook_name, $callback );
+        $request  = new WP_REST_Request( 'HEAD', '/wp/v2/posts/' . self::$post_id . '/revisions' );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+
+        $this->assertNotWPError( $response );
+        $response = rest_ensure_response( $response );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 0, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_no_permission( $method ) {
         wp_set_current_user( 0 );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/revisions' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/revisions' );
         $response = rest_get_server()->dispatch( $request );
 
@@ -174 +203 @@
     }
 
-    public function test_get_items_missing_parent() {
-        wp_set_current_user( self::$editor_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER . '/revisions' );
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_missing_parent( $method ) {
+        wp_set_current_user( self::$editor_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER . '/revisions' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_parent', $response, 404 );
     }
 
-    public function test_get_items_invalid_parent_post_type() {
-        wp_set_current_user( self::$editor_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$page_id . '/revisions' );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_invalid_parent_post_type( $method ) {
+        wp_set_current_user( self::$editor_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$page_id . '/revisions' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_parent', $response, 404 );
@@ -214 +267 @@
     }
 
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        wp_set_current_user( self::$editor_id );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_id1 );
+
+        $hook_name = 'rest_prepare_revision';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was not called when it should be for GET/HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'GET' === $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
     public function test_get_item_embed_context() {
         wp_set_current_user( self::$editor_id );
@@ -232 +322 @@
     }
 
-    public function test_get_item_no_permission() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_no_permission( $method ) {
         wp_set_current_user( 0 );
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_id1 );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_id1 );
 
         $response = rest_get_server()->dispatch( $request );
@@ -243 +339 @@
     }
 
-    public function test_get_item_missing_parent() {
-        wp_set_current_user( self::$editor_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER . '/revisions/' . $this->revision_id1 );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_missing_parent( $method ) {
+        wp_set_current_user( self::$editor_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER . '/revisions/' . $this->revision_id1 );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_parent', $response, 404 );
     }
 
-    public function test_get_item_invalid_parent_post_type() {
-        wp_set_current_user( self::$editor_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$page_id . '/revisions/' . $this->revision_id1 );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_invalid_parent_post_type( $method ) {
+        wp_set_current_user( self::$editor_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$page_id . '/revisions/' . $this->revision_id1 );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_parent', $response, 404 );
@@ -270 +378 @@
 
     /**
+     * @dataProvider data_readable_http_methods
      * @ticket 59875
-     */
-    public function test_get_item_invalid_parent_id() {
-        wp_set_current_user( self::$editor_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_2_1_id );
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_invalid_parent_id( $method ) {
+        wp_set_current_user( self::$editor_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_2_1_id );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_revision_parent_id_mismatch', $response, 404 );
@@ -511 +623 @@
      * Test the pagination header of the first page.
      *
-     * @ticket 40510
-     */
-    public function test_get_items_pagination_header_of_the_first_page() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 40510
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_pagination_header_of_the_first_page( $method ) {
         wp_set_current_user( self::$editor_id );
 
@@ -521 +637 @@
         $page        = 1;  // First page.
 
-        $request = new WP_REST_Request( 'GET', $rest_route );
+        $request = new WP_REST_Request( $method, $rest_route );
         $request->set_query_params(
             array(
@@ -546 +662 @@
      * Test the pagination header of the last page.
      *
-     * @ticket 40510
-     */
-    public function test_get_items_pagination_header_of_the_last_page() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 40510
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_pagination_header_of_the_last_page( $method ) {
         wp_set_current_user( self::$editor_id );
 
@@ -556 +676 @@
         $page        = 2;  // Last page.
 
-        $request = new WP_REST_Request( 'GET', $rest_route );
+        $request = new WP_REST_Request( $method, $rest_route );
         $request->set_query_params(
             array(
@@ -577 +697 @@
     }
 
+
     /**
      * Test that invalid 'per_page' query should error.
      *
-     * @ticket 40510
-     */
-    public function test_get_items_invalid_per_page_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 40510
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_invalid_per_page_should_error( $method ) {
         wp_set_current_user( self::$editor_id );
 
@@ -589 +714 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/revisions' );
         $request->set_param( 'per_page', $per_page );
         $response = rest_get_server()->dispatch( $request );
@@ -598 +723 @@
      * Test that out of bounds 'page' query should error.
      *
-     * @ticket 40510
-     */
-    public function test_get_items_out_of_bounds_page_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 40510
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_out_of_bounds_page_should_error( $method ) {
         wp_set_current_user( self::$editor_id );
 
@@ -609 +738 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/revisions' );
         $request->set_query_params(
             array(
@@ -623 +752 @@
      * Test that impossibly high 'page' query should error.
      *
-     * @ticket 40510
-     */
-    public function test_get_items_invalid_max_pages_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 40510
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_invalid_max_pages_should_error( $method ) {
         wp_set_current_user( self::$editor_id );
 
@@ -633 +766 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/revisions' );
         $request->set_query_params(
             array(
@@ -771 +904 @@
      * Test that out of bound 'offset' query should error.
      *
-     * @ticket 40510
-     */
-    public function test_get_items_out_of_bound_offset_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 40510
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_out_of_bound_offset_should_error( $method ) {
         wp_set_current_user( self::$editor_id );
 
@@ -781 +918 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/revisions' );
         $request->set_query_params(
             array(
@@ -795 +932 @@
      * Test that impossible high number for 'offset' query should error.
      *
-     * @ticket 40510
-     */
-    public function test_get_items_impossible_high_number_offset_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 40510
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_impossible_high_number_offset_should_error( $method ) {
         wp_set_current_user( self::$editor_id );
 
@@ -805 +946 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/revisions' );
         $request->set_query_params(
             array(
@@ -819 +960 @@
      * Test that invalid 'offset' query should error.
      *
-     * @ticket 40510
-     */
-    public function test_get_items_invalid_offset_should_error() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 40510
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_invalid_offset_should_error( $method ) {
         wp_set_current_user( self::$editor_id );
 
@@ -829 +974 @@
         $expected_status = 400;
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/posts/' . self::$post_id . '/revisions' );
+        $request = new WP_REST_Request( $method, '/wp/v2/posts/' . self::$post_id . '/revisions' );
         $request->set_query_params(
             array(

trunk/tests/phpunit/tests/rest-api/rest-search-controller.php

@@ -162 +162 @@
 
     /**
+     * Test pagination headers.
+     *
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_pagination_headers( $method ) {
+        $total_posts = count( self::$my_title_post_ids ) + count( self::$my_title_page_ids ) + count( self::$my_content_post_ids );
+        $per_page    = 3;
+        $total_pages = (int) ceil( $total_posts / $per_page );
+
+        // Start of the index.
+        $response = $this->do_request_with_params(
+            array(
+                'per_page' => $per_page,
+            ),
+            $method
+        );
+        $headers  = $response->get_headers();
+        $this->assertSame( $total_posts, $headers['X-WP-Total'] );
+        $this->assertSame( $total_pages, $headers['X-WP-TotalPages'] );
+
+        $next_link = add_query_arg(
+            array(
+                'per_page' => $per_page,
+                'page'     => 2,
+            ),
+            rest_url( '/wp/v2/search' )
+        );
+        $this->assertStringNotContainsString( 'rel="prev"', $headers['Link'] );
+        $this->assertStringContainsString( '<' . $next_link . '>; rel="next"', $headers['Link'] );
+
+        $response = $this->do_request_with_params(
+            array(
+                'per_page' => $per_page,
+                'page'     => 3,
+            ),
+            $method
+        );
+        $headers  = $response->get_headers();
+        $this->assertSame( $total_posts, $headers['X-WP-Total'] );
+        $this->assertSame( $total_pages, $headers['X-WP-TotalPages'] );
+        $prev_link = add_query_arg(
+            array(
+                'per_page' => $per_page,
+                'page'     => 2,
+            ),
+            rest_url( '/wp/v2/search' )
+        );
+        $this->assertStringContainsString( '<' . $prev_link . '>; rel="prev"', $headers['Link'] );
+        $next_link = add_query_arg(
+            array(
+                'per_page' => $per_page,
+                'page'     => 4,
+            ),
+            rest_url( '/wp/v2/search' )
+        );
+        $this->assertStringContainsString( '<' . $next_link . '>; rel="next"', $headers['Link'] );
+
+        // Last page.
+        $response = $this->do_request_with_params(
+            array(
+                'per_page' => $per_page,
+                'page'     => $total_pages,
+            ),
+            $method
+        );
+        $headers  = $response->get_headers();
+        $this->assertSame( $total_posts, $headers['X-WP-Total'] );
+        $this->assertSame( $total_pages, $headers['X-WP-TotalPages'] );
+        $prev_link = add_query_arg(
+            array(
+                'per_page' => $per_page,
+                'page'     => $total_pages - 1,
+            ),
+            rest_url( '/wp/v2/search' )
+        );
+        $this->assertStringContainsString( '<' . $prev_link . '>; rel="prev"', $headers['Link'] );
+        $this->assertStringNotContainsString( 'rel="next"', $headers['Link'] );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
      * Search through all content with a low limit.
      */
@@ -240 +335 @@
     /**
      * Search through an invalid type
-     */
-    public function test_get_items_search_type_invalid() {
+     *
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_search_type_invalid( $method ) {
         $response = $this->do_request_with_params(
             array(
                 'per_page' => 100,
                 'type'     => 'invalid',
-            )
+            ),
+            $method
         );
 
@@ -254 +355 @@
     /**
      * Search through posts of an invalid post type.
+     *
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
      */
     public function test_get_items_search_type_post_subtype_invalid() {
@@ -463 +569 @@
     /**
      * Tests that non-public post types are not allowed.
-     */
-    public function test_non_public_post_type() {
+     *
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_non_public_post_type( $method ) {
         $response = $this->do_request_with_params(
             array(
                 'type'    => 'post',
                 'subtype' => 'post,nav_menu_item',
-            )
+            ),
+            $method
         );
         $this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
@@ -633 +745 @@
      * Search through posts of an invalid post type.
      *
+     *
+     * @dataProvider data_readable_http_methods
      * @ticket 51458
-     */
-    public function test_get_items_search_term_subtype_invalid() {
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_search_term_subtype_invalid( $method ) {
         $response = $this->do_request_with_params(
             array(
@@ -641 +758 @@
                 'type'     => 'term',
                 'subtype'  => 'invalid',
-            )
+            ),
+            $method
         );
 
@@ -891 +1009 @@
 
     /**
+     * @dataProvider data_readable_http_methods
      * @ticket 60771
-     */
-    public function test_sanitize_subtypes_validates_type() {
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_sanitize_subtypes_validates_type( $method ) {
         $response = $this->do_request_with_params(
             array(
                 'subtype' => 'page',
                 'type'    => array( 'invalid' ),
-            )
+            ),
+            $method
         );
 

trunk/tests/phpunit/tests/rest-api/rest-sidebars-controller.php

@@ -153 +153 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_items_no_permission() {
+     * @ticket 56481
+     */
+    public function test_get_items_with_head_request_should_not_prepare_sidebar_data() {
+        wp_widgets_init();
+
+        $request = new WP_REST_Request( 'HEAD', '/wp/v2/sidebars' );
+
+        $hook_name = 'rest_prepare_sidebar';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+
+        add_filter( $hook_name, $callback );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+
+        $this->assertNotWPError( $response );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 0, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_no_permission( $method ) {
         wp_set_current_user( 0 );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/sidebars' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/sidebars' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_widgets', $response, 401 );
@@ -502 +529 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_item_no_permission() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        $hook_name = 'rest_prepare_sidebar';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->setup_sidebar(
+            'sidebar-1',
+            array(
+                'name' => 'Test sidebar',
+            )
+        );
+
+        $request  = new WP_REST_Request( $method, '/wp/v2/sidebars/sidebar-1' );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was not called when it should be for GET/HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_no_permission( $method ) {
         wp_set_current_user( 0 );
         $this->setup_sidebar(
@@ -513 +599 @@
         );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/sidebars/sidebar-1' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/sidebars/sidebar-1' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_widgets', $response, 401 );
@@ -553 +639 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_item_wrong_permission_author() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_wrong_permission_author( $method ) {
         wp_set_current_user( self::$author_id );
         $this->setup_sidebar(
@@ -564 +654 @@
         );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/sidebars/sidebar-1' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/sidebars/sidebar-1' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_widgets', $response, 403 );

trunk/tests/phpunit/tests/rest-api/rest-tags-controller.php

@@ -628 +628 @@
     }
 
-    public function test_get_terms_pagination_headers() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_terms_pagination_headers( $method ) {
         $total_tags  = self::$total_tags;
         $total_pages = (int) ceil( $total_tags / 10 );
 
         // Start of the index.
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/tags' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/tags' );
         $response = rest_get_server()->dispatch( $request );
         $headers  = $response->get_headers();
@@ -1503 +1509 @@
         $this->check_taxonomy_term( $tag, $data, $response->get_links() );
     }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_only_fetches_ids_for_head_requests( $method ) {
+        $is_head_request = 'HEAD' === $method;
+        $request         = new WP_REST_Request( $method, '/wp/v2/tags' );
+
+        $filter = new MockAction();
+
+        add_filter( 'terms_pre_query', array( $filter, 'filter' ), 10, 2 );
+
+        $response = rest_get_server()->dispatch( $request );
+
+        $this->assertSame( 200, $response->get_status() );
+        if ( $is_head_request ) {
+            $this->assertEmpty( $response->get_data() );
+        } else {
+            $this->assertNotEmpty( $response->get_data() );
+        }
+
+        $args = $filter->get_args();
+        $this->assertTrue( isset( $args[0][1] ), 'Query parameters were not captured.' );
+        $this->assertInstanceOf( WP_Term_Query::class, $args[0][1], 'Query parameters were not captured.' );
+
+        /** @var WP_Term_Query $query */
+        $query = $args[0][1];
+
+        if ( $is_head_request ) {
+            $this->assertArrayHasKey( 'fields', $query->query_vars, 'The fields parameter is not set in the query vars.' );
+            $this->assertSame( 'ids', $query->query_vars['fields'], 'The query must fetch only term IDs.' );
+            $this->assertArrayHasKey( 'update_term_meta_cache', $query->query_vars, 'The update_term_meta_cache key is missing in the query vars.' );
+            $this->assertFalse( $query->query_vars['update_term_meta_cache'], 'The update_term_meta_cache value should be false for HEAD requests.' );
+        } else {
+            $this->assertTrue(
+                ! array_key_exists( 'fields', $query->query_vars ) || 'ids' !== $query->query_vars['fields'],
+                'The fields parameter should not be forced to "ids" for non-HEAD requests.'
+            );
+            $this->assertArrayHasKey( 'update_term_meta_cache', $query->query_vars, 'The update_term_meta_cache key is missing in the query vars.' );
+            $this->assertTrue( $query->query_vars['update_term_meta_cache'], 'The update_term_meta_cache value should be true for HEAD requests.' );
+        }
+
+        if ( ! $is_head_request ) {
+            return;
+        }
+
+        global $wpdb;
+        $terms_table = preg_quote( $wpdb->terms, '/' );
+
+        $pattern = '/SELECT\s+t\.term_id.+FROM\s+' . $terms_table . '\s+AS\s+t\s+INNER\s+JOIN/is';
+
+        // Assert that the SQL query only fetches the term_id column.
+        $this->assertMatchesRegularExpression( $pattern, $query->request, 'The SQL query does not match the expected string.' );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( string $method ) {
+        $tag_id = self::factory()->tag->create();
+
+        $request = new WP_REST_Request( $method, sprintf( '/wp/v2/tags/%d', $tag_id ) );
+
+        $hook_name = 'rest_prepare_post_tag';
+
+        $filter   = new MockAction();
+        $callback = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
 }

trunk/tests/phpunit/tests/rest-api/rest-taxonomies-controller.php

@@ -61 +61 @@
     }
 
+    /**
+     * @ticket 56481
+     */
+    public function test_get_items_with_head_request_should_not_prepare_taxonomy_data() {
+        $request   = new WP_REST_Request( 'HEAD', '/wp/v2/taxonomies' );
+        $hook_name = 'rest_prepare_taxonomy';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 0, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
     public function test_get_items_context_edit() {
         wp_set_current_user( self::$contributor_id );
@@ -80 +96 @@
     }
 
-    public function test_get_items_invalid_permission_for_context() {
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_invalid_permission_for_context( $method ) {
         wp_set_current_user( 0 );
-        $request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies' );
+        $request = new WP_REST_Request( $method, '/wp/v2/taxonomies' );
         $request->set_param( 'context', 'edit' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_view', $response, 401 );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
     }
 
@@ -95 +130 @@
     }
 
-    public function test_get_taxonomies_for_invalid_type() {
-        $request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies' );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_taxonomies_for_invalid_type( $method ) {
+        $request = new WP_REST_Request( $method, '/wp/v2/taxonomies' );
         $request->set_param( 'type', 'wingding' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertSame( 200, $response->get_status() );
+        if ( 'HEAD' === $method ) {
+            return null;
+        }
         $data = $response->get_data();
         $this->assertSame( '{}', json_encode( $data ) );
@@ -108 +152 @@
         $response = rest_get_server()->dispatch( $request );
         $this->check_taxonomy_object_response( 'view', $response );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        $request   = new WP_REST_Request( 'HEAD', '/wp/v2/taxonomies/category' );
+        $hook_name = 'rest_prepare_taxonomy';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
     }
 
@@ -119 +198 @@
     }
 
-    public function test_get_item_invalid_permission_for_context() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_item_invalid_permission_for_context( $method ) {
         wp_set_current_user( 0 );
-        $request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/category' );
+        $request = new WP_REST_Request( $method, '/wp/v2/taxonomies/category' );
         $request->set_param( 'context', 'edit' );
         $response = rest_get_server()->dispatch( $request );
@@ -127 +212 @@
     }
 
-    public function test_get_invalid_taxonomy() {
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/invalid' );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_invalid_taxonomy( $method ) {
+        $request  = new WP_REST_Request( $method, '/wp/v2/taxonomies/invalid' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_taxonomy_invalid', $response, 404 );
     }
 
-    public function test_get_non_public_taxonomy_not_authenticated() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_non_public_taxonomy_not_authenticated( $method ) {
         register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/taxonomies/api-private' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
     }
 
-    public function test_get_non_public_taxonomy_no_permission() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_non_public_taxonomy_no_permission( $method ) {
         wp_set_current_user( self::$contributor_id );
         register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/taxonomies/api-private' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_forbidden', $response, 403 );

trunk/tests/phpunit/tests/rest-api/rest-users-controller.php

@@ -235 +235 @@
     }
 
-    public function test_get_items_with_edit_context() {
-        wp_set_current_user( self::$user );
-
-        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_with_edit_context( $method ) {
+        wp_set_current_user( self::$user );
+
+        $request = new WP_REST_Request( $method, '/wp/v2/users' );
         $request->set_param( 'context', 'edit' );
         $response = rest_get_server()->dispatch( $request );
 
-        $this->assertSame( 200, $response->get_status() );
+        $this->assertSame(
+            200,
+            $response->get_status(),
+            sprintf( 'Expected HTTP status code 200 but got %s.', $response->get_status() )
+        );
+
+        if ( 'HEAD' === $method ) {
+            $this->assertNull( $response->get_data(), 'Expected null response data for HEAD request, but received non-null data.' );
+            return null;
+        }
 
         $all_data = $response->get_data();
@@ -250 +265 @@
     }
 
-    public function test_get_items_with_edit_context_without_permission() {
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_with_edit_context_without_permission( $method ) {
         // Test with a user not logged in.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+        $request = new WP_REST_Request( $method, '/wp/v2/users' );
         $request->set_param( 'context', 'edit' );
         $response = rest_get_server()->dispatch( $request );
@@ -262 +295 @@
         wp_set_current_user( self::$editor );
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+        $request = new WP_REST_Request( $method, '/wp/v2/users' );
         $request->set_param( 'context', 'edit' );
         $response = rest_get_server()->dispatch( $request );
@@ -320 +353 @@
     }
 
-    public function test_get_items_pagination_headers() {
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_pagination_headers( $method ) {
         $total_users = self::$total_users;
         $total_pages = (int) ceil( $total_users / 10 );
@@ -327 +366 @@
 
         // Start of the index.
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/users' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/users' );
         $response = rest_get_server()->dispatch( $request );
         $headers  = $response->get_headers();
@@ -345 +384 @@
         ++$total_users;
         ++$total_pages;
-        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+        $request = new WP_REST_Request( $method, '/wp/v2/users' );
         $request->set_param( 'page', 3 );
         $response = rest_get_server()->dispatch( $request );
@@ -367 +406 @@
 
         // Last page.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+        $request = new WP_REST_Request( $method, '/wp/v2/users' );
         $request->set_param( 'page', $total_pages );
         $response = rest_get_server()->dispatch( $request );
@@ -383 +422 @@
 
         // Out of bounds.
-        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+        $request = new WP_REST_Request( $method, '/wp/v2/users' );
         $request->set_param( 'page', 100 );
         $response = rest_get_server()->dispatch( $request );
@@ -412 +451 @@
     }
 
-    public function test_get_items_page() {
-        wp_set_current_user( self::$user );
-
-        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_page( $method ) {
+        wp_set_current_user( self::$user );
+
+        $request = new WP_REST_Request( $method, '/wp/v2/users' );
         $request->set_param( 'per_page', 5 );
         $request->set_param( 'page', 2 );
         $response = rest_get_server()->dispatch( $request );
-        $this->assertCount( 5, $response->get_data() );
+
+        if ( 'HEAD' !== $method ) {
+            $this->assertCount( 5, $response->get_data() );
+        }
+
         $prev_link = add_query_arg(
             array(
@@ -1266 +1315 @@
     }
 
-    public function test_get_current_user() {
-        wp_set_current_user( self::$user );
-
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/users/me' );
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_current_user( $method ) {
+        wp_set_current_user( self::$user );
+
+        $request  = new WP_REST_Request( $method, '/wp/v2/users/me' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertSame( 200, $response->get_status() );
-        $this->check_get_user_response( $response, 'view' );
-
         $headers = $response->get_headers();
         $this->assertArrayNotHasKey( 'Location', $headers );
 
+        if ( 'HEAD' === $method ) {
+            // HEAD responses only contain headers. Bail.
+            return null;
+        }
+        $this->check_get_user_response( $response, 'view' );
         $links = $response->get_links();
         $this->assertSame( rest_url( 'wp/v2/users/' . self::$user ), $links['self'][0]['href'] );
@@ -3159 +3217 @@
     }
 
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        wp_set_current_user( self::$user );
+        $request = new WP_REST_Request( $method, sprintf( '/wp/v2/users/%d', self::$user ) );
+
+        $hook_name = 'rest_prepare_user';
+
+        $filter   = new MockAction();
+        $callback = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_only_fetches_ids_for_head_requests( $method ) {
+        $is_head_request = 'HEAD' === $method;
+        $request         = new WP_REST_Request( $method, '/wp/v2/users' );
+
+        $filter = new MockAction();
+
+        add_filter( 'pre_user_query', array( $filter, 'filter' ), 10, 2 );
+
+        $response = rest_get_server()->dispatch( $request );
+
+        $this->assertSame( 200, $response->get_status() );
+        if ( $is_head_request ) {
+            $this->assertNull( $response->get_data() );
+        } else {
+            $this->assertNotEmpty( $response->get_data() );
+        }
+
+        $args = $filter->get_args();
+        $this->assertTrue( isset( $args[0][0] ), 'Query parameters were not captured.' );
+        $this->assertInstanceOf( WP_User_Query::class, $args[0][0], 'Query parameters were not captured.' );
+
+        /** @var WP_User $query */
+        $query = $args[0][0];
+
+        if ( $is_head_request ) {
+            $this->assertArrayHasKey( 'fields', $query->query_vars, 'The fields parameter is not set in the query vars.' );
+            $this->assertSame( 'id', $query->query_vars['fields'], 'The query must fetch only user IDs.' );
+        } else {
+            $this->assertTrue(
+                ! array_key_exists( 'fields', $query->query_vars ) || 'id' !== $query->query_vars['fields'],
+                'The fields parameter should not be forced to "id" for non-HEAD requests.'
+            );
+        }
+
+        if ( ! $is_head_request ) {
+            return;
+        }
+
+        global $wpdb;
+        $users_table = preg_quote( $wpdb->users, '/' );
+        $pattern     = '/SELECT SQL_CALC_FOUND_ROWS wptests_users.ID\n\s+FROM\s+' . $users_table . '/is';
+
+        // Assert that the SQL query only fetches the id column.
+        $this->assertMatchesRegularExpression( $pattern, $query->request, 'The SQL query does not match the expected string.' );
+    }
+
     protected function check_user_data( $user, $data, $context, $links ) {
         $this->assertSame( $user->ID, $data['id'] );

trunk/tests/phpunit/tests/rest-api/rest-widget-types-controller.php

@@ -123 +123 @@
 
     /**
+     * @ticket 56481
+     */
+    public function test_get_items_with_head_request_should_not_prepare_widget_types_data() {
+        wp_set_current_user( self::$admin_id );
+        $request  = new WP_REST_Request( 'HEAD', '/wp/v2/widget-types' );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
      * @ticket 53303
      */
@@ -183 +194 @@
 
     /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        $widget_name = 'calendar';
+        wp_set_current_user( self::$admin_id );
+        $request = new WP_REST_Request( $method, '/wp/v2/widget-types/' . $widget_name );
+
+        $hook_name = 'rest_prepare_widget_type';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was not called when it should be for GET/HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
+    }
+
+    /**
      * @ticket 41683
      */
@@ -201 +262 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_widget_invalid_name() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_widget_invalid_name( $method ) {
         $widget_type = 'fake';
         wp_set_current_user( self::$admin_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/widget-types/' . $widget_type );
+        $request  = new WP_REST_Request( $method, '/wp/v2/widget-types/' . $widget_type );
         $response = rest_get_server()->dispatch( $request );
 
@@ -252 +317 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_items_wrong_permission() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_wrong_permission( $method ) {
         wp_set_current_user( self::$subscriber_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/widget-types' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/widget-types' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_widgets', $response, 403 );
@@ -262 +331 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_item_wrong_permission() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_item_wrong_permission( $method ) {
         wp_set_current_user( self::$subscriber_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/widget-types/calendar' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/widget-types/calendar' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_widgets', $response, 403 );
@@ -272 +345 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_items_no_permission() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_no_permission( $method ) {
         wp_set_current_user( 0 );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/widget-types' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/widget-types' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_widgets', $response, 401 );
@@ -282 +359 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_item_no_permission() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_item_no_permission( $method ) {
         wp_set_current_user( 0 );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/widget-types/calendar' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/widget-types/calendar' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_widgets', $response, 401 );

trunk/tests/phpunit/tests/rest-api/rest-widgets-controller.php

@@ -229 +229 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_items_no_permission() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_no_permission( $method ) {
         wp_set_current_user( 0 );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/widgets' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/widgets' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_widgets', $response, 401 );
+    }
+
+    /**
+     * Data provider intended to provide HTTP method names for testing GET and HEAD requests.
+     *
+     * @return array
+     */
+    public static function data_readable_http_methods() {
+        return array(
+            'GET request'  => array( 'GET' ),
+            'HEAD request' => array( 'HEAD' ),
+        );
     }
 
@@ -333 +349 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_items_wrong_permission_author() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_wrong_permission_author( $method ) {
         wp_set_current_user( self::$author_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/widgets' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/widgets' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_widgets', $response, 403 );
@@ -378 +398 @@
         $request  = new WP_REST_Request( 'GET', '/wp/v2/widgets' );
         $response = rest_get_server()->dispatch( $request );
-        $data     = $response->get_data();
-        $data     = $this->remove_links( $data );
+        remove_filter( 'pre_http_request', array( $this, 'mocked_rss_response' ) );
+        $data = $response->get_data();
+        $data = $this->remove_links( $data );
         $this->assertSameSets(
             array(
@@ -405 +426 @@
 
         $wp_widget_factory->widgets['WP_Widget_RSS']->widget_options['show_instance_in_rest'] = true;
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_items_with_head_request_should_not_prepare_widget_data( $method ) {
+        $block_content = '<!-- wp:paragraph --><p>Block test</p><!-- /wp:paragraph -->';
+
+        $this->setup_widget(
+            'rss',
+            1,
+            array(
+                'title' => 'RSS test',
+                'url'   => 'https://wordpress.org/news/feed',
+            )
+        );
+        $this->setup_widget(
+            'block',
+            1,
+            array(
+                'content' => $block_content,
+            )
+        );
+        $this->setup_sidebar(
+            'sidebar-1',
+            array(
+                'name' => 'Test sidebar',
+            ),
+            array( 'block-1', 'rss-1', 'testwidget' )
+        );
+
+        $request = new WP_REST_Request( 'HEAD', '/wp/v2/widgets' );
+
+        $hook_name = 'rest_prepare_post';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+
+        add_filter( $hook_name, $callback );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+
+        $this->assertNotWPError( $response );
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 0, $filter->get_call_count(), 'The "' . $hook_name . '" filter was called when it should not be for HEAD requests.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
     }
 
@@ -529 +598 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_item_no_permission() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_should_allow_adding_headers_via_filter( $method ) {
+        $this->setup_widget(
+            'text',
+            1,
+            array(
+                'text' => 'Custom text test',
+            )
+        );
+        $this->setup_sidebar(
+            'sidebar-1',
+            array(
+                'name' => 'Test sidebar',
+            ),
+            array( 'text-1' )
+        );
+
+        $request = new WP_REST_Request( $method, '/wp/v2/widgets/text-1' );
+
+        $hook_name = 'rest_prepare_widget';
+        $filter    = new MockAction();
+        $callback  = array( $filter, 'filter' );
+        add_filter( $hook_name, $callback );
+        $header_filter = new class() {
+            public static function add_custom_header( $response ) {
+                $response->header( 'X-Test-Header', 'Test' );
+
+                return $response;
+            }
+        };
+        add_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+        $response = rest_get_server()->dispatch( $request );
+        remove_filter( $hook_name, $callback );
+        remove_filter( $hook_name, array( $header_filter, 'add_custom_header' ) );
+
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertSame( 1, $filter->get_call_count(), 'The "' . $hook_name . '" filter was not called when it should be for GET/HEAD requests.' );
+        $headers = $response->get_headers();
+        $this->assertArrayHasKey( 'X-Test-Header', $headers, 'The "X-Test-Header" header should be present in the response.' );
+        $this->assertSame( 'Test', $headers['X-Test-Header'], 'The "X-Test-Header" header value should be equal to "Test".' );
+        if ( 'HEAD' !== $method ) {
+            return null;
+        }
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_no_permission( $method ) {
         wp_set_current_user( 0 );
 
@@ -549 +673 @@
         );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/widgets/text-1' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/widgets/text-1' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_widgets', $response, 401 );
@@ -555 +679 @@
 
     /**
-     * @ticket 41683
-     */
-    public function test_get_item_wrong_permission_author() {
+     * @dataProvider data_readable_http_methods
+     * @ticket 41683
+     * @ticket 56481
+     *
+     * @param string $method The HTTP method to use.
+     */
+    public function test_get_item_wrong_permission_author( $method ) {
         wp_set_current_user( self::$author_id );
         $this->setup_widget(
@@ -573 +701 @@
         );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/widgets/text-1' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/widgets/text-1' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_widgets', $response, 403 );

trunk/tests/phpunit/tests/rest-api/wpRestBlockPatternCategoriesController.php

@@ -125 +125 @@
 
     /**
+     * @ticket 56481
+     */
+    public function test_get_items_with_head_request_should_not_prepare_block_pattern_categories_data() {
+        wp_set_current_user( self::$admin_id );
+        $request  = new WP_REST_Request( 'HEAD', static::REQUEST_ROUTE );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertSame( 200, $response->get_status(), 'The response status should be 200.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
      * Verify capability check for unauthorized request (not logged in).
      */

trunk/tests/phpunit/tests/rest-api/wpRestTemplateAutosavesController.php

@@ -34 +34 @@
      */
     const TEMPLATE_PART_POST_TYPE = 'wp_template_part';
+
+    /**
+     * @var string
+     */
+    const PARENT_POST_TYPE = 'wp_template';
 
     /**
@@ -294 +299 @@
 
     /**
+     * @ticket 56481
+     */
+    public function test_get_items_should_return_no_response_body_for_head_requests() {
+        wp_set_current_user( self::$admin_id );
+        $autosave_post_id = wp_create_post_autosave(
+            array(
+                'post_content' => 'Autosave content.',
+                'post_ID'      => self::$template_post->ID,
+                'post_type'    => self::PARENT_POST_TYPE,
+            )
+        );
+
+        $request  = new WP_REST_Request(
+            'HEAD',
+            '/wp/v2/templates/' . self::TEST_THEME . '/' . self::TEMPLATE_NAME . '/autosaves'
+        );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertSame( 200, $response->get_status(), 'Response status is 200.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
      * Data provider for test_get_items_with_data_provider.
      *
@@ -425 +452 @@
             )
         );
+    }
+
+    /**
+     * @ticket 56481
+     */
+    public function test_get_item_should_return_no_response_body_for_head_requests() {
+        wp_set_current_user( self::$admin_id );
+
+        $autosave_post_id = wp_create_post_autosave(
+            array(
+                'post_content' => 'Autosave content.',
+                'post_ID'      => self::$template_post->ID,
+                'post_type'    => self::PARENT_POST_TYPE,
+            )
+        );
+
+        $request  = new WP_REST_Request( 'HEAD', '/wp/v2/templates/' . self::TEST_THEME . '/' . self::TEMPLATE_NAME . '/autosaves/' . $autosave_post_id );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertSame( 200, $response->get_status(), 'Response status is 200.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
     }
 

trunk/tests/phpunit/tests/rest-api/wpRestTemplateRevisionsController.php

@@ -427 +427 @@
         );
     }
+    /**
+     * @ticket 56481
+     */
+    public function test_get_items_should_return_no_response_body_for_head_requests() {
+        wp_set_current_user( self::$admin_id );
+        $request  = new WP_REST_Request(
+            'HEAD',
+            '/wp/v2/templates/' . self::TEST_THEME . '/' . self::TEMPLATE_NAME . '/revisions'
+        );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertSame( 200, $response->get_status(), 'Response status is 200.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
 
     /**
@@ -432 +445 @@
      * @covers WP_REST_Template_Revisions_Controller::get_items_permissions_check
      * @ticket 56922
+     * @ticket 56481
      *
      * @param string $rest_base   Base part of the REST API endpoint to test.
      * @param string $template_id Template ID to use in the test.
-     */
-    public function test_get_items_endpoint_should_return_unauthorized_https_status_code_for_unauthorized_request( $rest_base, $template_id ) {
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_endpoint_should_return_unauthorized_https_status_code_for_unauthorized_request( $rest_base, $template_id, $method ) {
         wp_set_current_user( 0 );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/' . $rest_base . '/' . $template_id . '/revisions' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/' . $rest_base . '/' . $template_id . '/revisions' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_read', $response, WP_Http::UNAUTHORIZED );
@@ -450 +465 @@
     public function data_get_items_endpoint_should_return_unauthorized_https_status_code_for_unauthorized_request() {
         return array(
-            'templates'      => array( 'templates', self::TEST_THEME . '//' . self::TEMPLATE_NAME ),
-            'template parts' => array( 'template-parts', self::TEST_THEME . '//' . self::TEMPLATE_PART_NAME ),
+            'templates, GET request'       => array( 'templates', self::TEST_THEME . '//' . self::TEMPLATE_NAME, 'GET' ),
+            'templates, HEAD request'      => array( 'templates', self::TEST_THEME . '//' . self::TEMPLATE_NAME, 'HEAD' ),
+            'template parts, GET request'  => array( 'template-parts', self::TEST_THEME . '//' . self::TEMPLATE_PART_NAME, 'GET' ),
+            'template parts, HEAD request' => array( 'template-parts', self::TEST_THEME . '//' . self::TEMPLATE_PART_NAME, 'HEAD' ),
         );
     }
@@ -459 +476 @@
      * @covers WP_REST_Template_Revisions_Controller::get_items_permissions_check
      * @ticket 56922
+     * @ticket 56481
      *
      * @param string $rest_base   Base part of the REST API endpoint to test.
      * @param string $template_id Template ID to use in the test.
-     */
-    public function test_get_items_endpoint_should_return_forbidden_https_status_code_for_users_with_insufficient_permissions( $rest_base, string $template_id ) {
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_items_endpoint_should_return_forbidden_https_status_code_for_users_with_insufficient_permissions( $rest_base, string $template_id, $method ) {
         wp_set_current_user( self::$contributor_id );
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/' . $rest_base . '/' . $template_id . '/revisions' );
+        $request  = new WP_REST_Request( $method, '/wp/v2/' . $rest_base . '/' . $template_id . '/revisions' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_read', $response, WP_Http::FORBIDDEN );
@@ -477 +496 @@
     public function data_get_items_endpoint_should_return_forbidden_https_status_code_for_users_with_insufficient_permissions() {
         return array(
-            'templates'      => array( 'templates', self::TEST_THEME . '//' . self::TEMPLATE_NAME ),
-            'template parts' => array( 'template-parts', self::TEST_THEME . '//' . self::TEMPLATE_PART_NAME ),
+            'templates, GET request'       => array( 'templates', self::TEST_THEME . '//' . self::TEMPLATE_NAME, 'GET' ),
+            'templates, HEAD request'      => array( 'templates', self::TEST_THEME . '//' . self::TEMPLATE_NAME, 'HEAD' ),
+            'template parts, GET request'  => array( 'template-parts', self::TEST_THEME . '//' . self::TEMPLATE_PART_NAME, 'GET' ),
+            'template parts, HEAD request' => array( 'template-parts', self::TEST_THEME . '//' . self::TEMPLATE_PART_NAME, 'HEAD' ),
         );
     }
@@ -598 +619 @@
 
     /**
+     * @ticket 56481
+     */
+    public function test_get_item_should_return_no_response_body_for_head_requests() {
+        wp_set_current_user( self::$admin_id );
+        $revisions   = wp_get_post_revisions( self::$template_post, array( 'fields' => 'ids' ) );
+        $revision_id = array_shift( $revisions );
+        $request     = new WP_REST_Request( 'HEAD', '/wp/v2/templates/' . self::TEST_THEME . '/' . self::TEMPLATE_NAME . '/revisions/' . $revision_id );
+        $response    = rest_get_server()->dispatch( $request );
+        $this->assertSame( 200, $response->get_status(), 'Response status is 200.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
      * Data provider for test_get_item_with_data_provider.
      *
@@ -613 +647 @@
      * @covers WP_REST_Template_Revisions_Controller::get_item
      * @ticket 56922
+     * @ticket 56481
      *
      * @param string  $parent_post_property_name  A class property name that contains the parent post object.
      * @param string  $rest_base                  Base part of the REST API endpoint to test.
-     */
-    public function test_get_item_not_found( $parent_post_property_name, $rest_base ) {
+     * @param string  $method                     HTTP method to use.
+     */
+    public function test_get_item_not_found( $parent_post_property_name, $rest_base, $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -625 +661 @@
         $revision_id = array_shift( $revisions );
 
-        $request  = new WP_REST_Request( 'GET', '/wp/v2/' . $rest_base . '/invalid//parent/revisions/' . $revision_id );
+        $request  = new WP_REST_Request( $method, '/wp/v2/' . $rest_base . '/invalid//parent/revisions/' . $revision_id );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_post_invalid_parent', $response, WP_Http::NOT_FOUND );
@@ -637 +673 @@
     public function data_get_item_not_found() {
         return array(
-            'templates'      => array( 'template_post', 'templates' ),
-            'template parts' => array( 'template_part_post', 'template-parts' ),
+            'templates, GET request'       => array( 'template_post', 'templates', 'GET' ),
+            'templates, HEAD request'      => array( 'template_post', 'templates', 'HEAD' ),
+            'template parts, GET request'  => array( 'template_part_post', 'template-parts', 'GET' ),
+            'template parts, HEAD request' => array( 'template_part_post', 'template-parts', 'HEAD' ),
         );
     }
@@ -646 +684 @@
      * @covers WP_REST_Template_Revisions_Controller::get_item
      * @ticket 59875
+     * @ticket 56481
      *
      * @param string $parent_post_property_name        A class property name that contains the parent post object.
@@ -651 +690 @@
      * @param string $rest_base                        Base part of the REST API endpoint to test.
      * @param string $template_id                      Template ID to use in the test.
-     */
-    public function test_get_item_invalid_parent_id( $parent_post_property_name, $actual_parent_post_property_name, $rest_base, $template_id ) {
+     * @param string $method HTTP method to use.
+     */
+    public function test_get_item_invalid_parent_id( $parent_post_property_name, $actual_parent_post_property_name, $rest_base, $template_id, $method ) {
         wp_set_current_user( self::$admin_id );
 
@@ -660 +700 @@
         $revision_id        = array_shift( $revisions );
 
-        $request = new WP_REST_Request( 'GET', '/wp/v2/' . $rest_base . '/' . $template_id . '/revisions/' . $revision_id );
+        $request = new WP_REST_Request( $method, '/wp/v2/' . $rest_base . '/' . $template_id . '/revisions/' . $revision_id );
 
         $response = rest_get_server()->dispatch( $request );
@@ -676 +716 @@
     public function data_get_item_invalid_parent_id() {
         return array(
-            'templates'      => array(
+            'templates, GET request'       => array(
                 'template_post',
                 'template_post_2',
                 'templates',
                 self::TEST_THEME . '//' . self::TEMPLATE_NAME_2,
-            ),
-            'template parts' => array(
+                'GET',
+            ),
+            'templates, HEAD request'      => array(
+                'template_post',
+                'template_post_2',
+                'templates',
+                self::TEST_THEME . '//' . self::TEMPLATE_NAME_2,
+                'HEAD',
+            ),
+            'template parts, GET request'  => array(
                 'template_part_post',
                 'template_part_post_2',
                 'template-parts',
                 self::TEST_THEME . '//' . self::TEMPLATE_PART_NAME_2,
+                'GET',
+            ),
+            'template parts, HEAD request' => array(
+                'template_part_post',
+                'template_part_post_2',
+                'template-parts',
+                self::TEST_THEME . '//' . self::TEMPLATE_PART_NAME_2,
+                'HEAD',
             ),
         );

trunk/tests/phpunit/tests/rest-api/wpRestTemplatesController.php

@@ -177 +177 @@
 
     /**
+     * @ticket 56481
+     *
+     * @covers WP_REST_Templates_Controller::get_items
+     */
+    public function test_get_items_should_return_no_response_body_for_head_requests() {
+        wp_set_current_user( self::$admin_id );
+        $request  = new WP_REST_Request( 'HEAD', '/wp/v2/templates' );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertSame( 200, $response->get_status(), 'Response status is 200.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
      * @covers WP_REST_Templates_Controller::get_items
      */
@@ -269 +282 @@
 
     /**
+     * @ticket 56481
+     *
+     * @covers WP_REST_Templates_Controller::get_item
+     * @covers WP_REST_Templates_Controller::prepare_item_for_response
+     */
+    public function test_get_item_should_return_no_response_body_for_head_requests() {
+        wp_set_current_user( self::$admin_id );
+        $request  = new WP_REST_Request( 'HEAD', '/wp/v2/templates/default//my_template' );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertSame( 200, $response->get_status(), 'Response status is 200.' );
+        $this->assertNull( $response->get_data(), 'The server should not generate a body in response to a HEAD request.' );
+    }
+
+    /**
      * @covers WP_REST_Templates_Controller::get_item
      */
@@ -311 +338 @@
         wp_set_current_user( self::$subscriber_id );
         $request  = new WP_REST_Request( 'GET', '/wp/v2/templates/default//my_template' );
-        $response = rest_get_server()->dispatch( $request );
         $response = rest_get_server()->dispatch( $request );
         $this->assertErrorResponse( 'rest_cannot_manage_templates', $response, 403 );