Make WordPress Core

Opened 4 years ago

Closed 3 years ago

#52691 closed defect (bug) (fixed)

Check if JSONP is enabled prior to outputting the jsonp-type content-type

Reported by: dd32's profile dd32 Owned by: rachelbaker's profile rachelbaker
Milestone: 5.8 Priority: lowest
Severity: trivial Version:
Component: REST API Keywords: has-patch commit
Focuses: rest-api Cc:

Description

Currently when JSONP is disabled, the Content-Type header is still output as if the response will be a jsonp response (But it won't be).

The attached PR simply runs the filter before outputting the header.

This still isn't strictly correct for all cases, as an invalid jsonp callback will still output non-jsonp using the jsonp content-type, but that's not a regression here, and I wasn't sure about shifting the invalid jsonp callback sanitization earlier in the function.

Change History (3)

This ticket was mentioned in PR #1063 on WordPress/wordpress-develop by dd32.


4 years ago
#1

  • Keywords has-patch added

#2 @TimothyBlynJacobs
4 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 5.8

lgtm!

#3 @rachelbaker
3 years ago

  • Owner set to rachelbaker
  • Resolution set to fixed
  • Status changed from new to closed

In 50695:

REST API: Move the rest_jsonp_enabled filter before setting the Content-Type header.

Fixes an issue where if JSONP was disabled the Content-Type HTTP header was still set to application/javascript.

Props dd32, TimothyBlynJacobs.
Fixes #52691.

Note: See TracTickets for help on using tickets.