Make WordPress Core

Opened 11 years ago

Closed 11 years ago

#20681 closed defect (bug) (fixed)

Allow Origin API

Reported by: ryan's profile ryan Owned by:
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.4
Component: Security Keywords: has-patch
Focuses: Cc:


An API for controlling delivery of Access-Control-Allow-Origin and friends that handles SSL and domain mapped scenarios.

Attachments (3)

20681.diff (3.1 KB) - added by ryan 11 years ago.
20681.2.diff (1.4 KB) - added by ryan 11 years ago.
Attempt loading preview over ssl if admin is ssl
20681.3.diff (1.4 KB) - added by ryan 11 years ago.
Now with fewer typos.

Download all attachments as: .zip

Change History (7)

11 years ago

#1 @scribu
11 years ago

  • Keywords has-patch added

Something like this would be very useful for all AJAX requests.

Last edited 11 years ago by scribu (previous) (diff)

#2 @ryan
11 years ago

In [20794]:

API for allowing cross origin resource sharing.

  • Allowed origin whitelist that can be altered by plugins
  • Validation of the request origin against the whitelist
  • Send Access-Control-Allow-Origin if origin allowed
  • get_http_origin(), get_allowed_http_origins(), is_allowed_http_origin(), send_origin_headers()

See #20681

#3 @johnbillion
11 years ago

  • Cc johnbillion added

#4 @ryan
11 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Try it out. Reopen with comments and suggestions.

11 years ago

Attempt loading preview over ssl if admin is ssl

11 years ago

Now with fewer typos.

Note: See TracTickets for help on using tickets.