Add Vary: Origin to CORS responses
|Reported by:||pdufour||Owned by:||jorbin|
I think enough WP setups have some caching engine like Varnish installed that it'd be useful to have a 'Vary: Origin' header on any responses that have a Access-Control-Allow-Origin header.
Steps to replicate:
Send CURL request to WP API with a custom origin. See that the it returns with Access-Control-Allow-Origin: custom origin but does not have a Vary: Origin header so if you have a caching engine installed and send another request with a separate origin than the first, it will still return custom origin.
Change History (12)
- Keywords 2nd-opinion removed
- Owner set to jorbin
- Status changed from new to assigned