Make WordPress Core

Opened 12 years ago

Closed 12 years ago

#20681 closed defect (bug) (fixed)

Allow Origin API

Reported by: ryan's profile ryan Owned by:
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.4
Component: Security Keywords: has-patch
Focuses: Cc:


An API for controlling delivery of Access-Control-Allow-Origin and friends that handles SSL and domain mapped scenarios.

Attachments (3)

20681.diff (3.1 KB) - added by ryan 12 years ago.
20681.2.diff (1.4 KB) - added by ryan 12 years ago.
Attempt loading preview over ssl if admin is ssl
20681.3.diff (1.4 KB) - added by ryan 12 years ago.
Now with fewer typos.

Download all attachments as: .zip

Change History (7)

12 years ago

#1 @scribu
12 years ago

  • Keywords has-patch added

Something like this would be very useful for all AJAX requests.

Last edited 12 years ago by scribu (previous) (diff)

#2 @ryan
12 years ago

In [20794]:

API for allowing cross origin resource sharing.

  • Allowed origin whitelist that can be altered by plugins
  • Validation of the request origin against the whitelist
  • Send Access-Control-Allow-Origin if origin allowed
  • get_http_origin(), get_allowed_http_origins(), is_allowed_http_origin(), send_origin_headers()

See #20681

#3 @johnbillion
12 years ago

  • Cc johnbillion added

#4 @ryan
12 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Try it out. Reopen with comments and suggestions.

12 years ago

Attempt loading preview over ssl if admin is ssl

12 years ago

Now with fewer typos.

Note: See TracTickets for help on using tickets.