Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#20681 closed defect (bug) (fixed)

Allow Origin API

Reported by: ryan Owned by:
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.4
Component: Security Keywords: has-patch
Focuses: Cc:


An API for controlling delivery of Access-Control-Allow-Origin and friends that handles SSL and domain mapped scenarios.

Attachments (3)

20681.diff (3.1 KB) - added by ryan 6 years ago.
20681.2.diff (1.4 KB) - added by ryan 6 years ago.
Attempt loading preview over ssl if admin is ssl
20681.3.diff (1.4 KB) - added by ryan 6 years ago.
Now with fewer typos.

Download all attachments as: .zip

Change History (7)

6 years ago

#1 @scribu
6 years ago

  • Keywords has-patch added

Something like this would be very useful for all AJAX request.

Version 0, edited 6 years ago by scribu (next)

#2 @ryan
6 years ago

In [20794]:

API for allowing cross origin resource sharing.

  • Allowed origin whitelist that can be altered by plugins
  • Validation of the request origin against the whitelist
  • Send Access-Control-Allow-Origin if origin allowed
  • get_http_origin(), get_allowed_http_origins(), is_allowed_http_origin(), send_origin_headers()

See #20681

#3 @johnbillion
6 years ago

  • Cc johnbillion added

#4 @ryan
6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Try it out. Reopen with comments and suggestions.

6 years ago

Attempt loading preview over ssl if admin is ssl

6 years ago

Now with fewer typos.

Note: See TracTickets for help on using tickets.