Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#20681 closed defect (bug) (fixed)

Allow Origin API

Reported by: ryan Owned by:
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.4
Component: Security Keywords: has-patch
Focuses: Cc:


An API for controlling delivery of Access-Control-Allow-Origin and friends that handles SSL and domain mapped scenarios.

Attachments (3)

20681.diff (3.1 KB) - added by ryan 2 years ago.
20681.2.diff (1.4 KB) - added by ryan 2 years ago.
Attempt loading preview over ssl if admin is ssl
20681.3.diff (1.4 KB) - added by ryan 2 years ago.
Now with fewer typos.

Download all attachments as: .zip

Change History (7)

ryan2 years ago

comment:1 scribu2 years ago

  • Keywords has-patch added

Something like this would be very useful for all AJAX request.

Version 0, edited 2 years ago by scribu (next)

comment:2 ryan2 years ago

In [20794]:

API for allowing cross origin resource sharing.

  • Allowed origin whitelist that can be altered by plugins
  • Validation of the request origin against the whitelist
  • Send Access-Control-Allow-Origin if origin allowed
  • get_http_origin(), get_allowed_http_origins(), is_allowed_http_origin(), send_origin_headers()

See #20681

comment:3 johnbillion2 years ago

  • Cc johnbillion added

comment:4 ryan2 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Try it out. Reopen with comments and suggestions.

ryan2 years ago

Attempt loading preview over ssl if admin is ssl

ryan2 years ago

Now with fewer typos.

Note: See TracTickets for help on using tickets.