#34921 closed defect (bug) (wontfix)
CORS Preflight Check Broken in API
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.6 |
Component: | REST API | Keywords: | has-patch |
Focuses: | Cc: |
Description
In /wp-includes/rest-api/class-wp-rest-server.php
line 237:
$this->send_header( 'Access-Control-Allow-Headers', 'Authorization' );
This is breaking CORS preflight checks and resulting in error messages in Chrome like this:
XMLHttpRequest cannot load https://corsdomain.com/wp-json/... Request header field X-WP-Nonce is not allowed by Access-Control-Allow-Headers in preflight response.
Attachments (1)
Change History (6)
This ticket was mentioned in Slack in #core by helen. View the logs.
8 years ago
This ticket was mentioned in Slack in #core by rachelbaker. View the logs.
8 years ago
Note: See
TracTickets for help on using
tickets.
Per @rmccue that merged the related code here: https://github.com/WP-API/WP-API/pull/1529