WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#20681 closed defect (bug) (fixed)

Allow Origin API

Reported by: ryan Owned by:
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.4
Component: Security Keywords: has-patch
Focuses: Cc:

Description

An API for controlling delivery of Access-Control-Allow-Origin and friends that handles SSL and domain mapped scenarios.

Attachments (3)

20681.diff (3.1 KB) - added by ryan 3 years ago.
20681.2.diff (1.4 KB) - added by ryan 3 years ago.
Attempt loading preview over ssl if admin is ssl
20681.3.diff (1.4 KB) - added by ryan 3 years ago.
Now with fewer typos.

Download all attachments as: .zip

Change History (7)

@ryan3 years ago

comment:1 @scribu3 years ago

  • Keywords has-patch added

Something like this would be very useful for all AJAX request.

Version 0, edited 3 years ago by scribu (next)

comment:2 @ryan3 years ago

In [20794]:

API for allowing cross origin resource sharing.

  • Allowed origin whitelist that can be altered by plugins
  • Validation of the request origin against the whitelist
  • Send Access-Control-Allow-Origin if origin allowed
  • get_http_origin(), get_allowed_http_origins(), is_allowed_http_origin(), send_origin_headers()

See #20681

comment:3 @johnbillion3 years ago

  • Cc johnbillion added

comment:4 @ryan3 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Try it out. Reopen with comments and suggestions.

@ryan3 years ago

Attempt loading preview over ssl if admin is ssl

@ryan3 years ago

Now with fewer typos.

Note: See TracTickets for help on using tickets.