REST API: Add "Link" to the list of exposed cors headers.

Currently, only the X-WP-Total and X-WP-TotalPages headers are exposed which means that clients have to manually construct the URL to implement pagination instead of using the "prev" and "next" Links. Additionally, a filter "rest_exposed_cors_headers" is introduced to make it simpler for plugins to expose additional headers. Props Toro_Unit, ayeshrajans. Fixes #50369. git-svn-id: https://develop.svn.wordpress.org/trunk@48112 602fd350-edb4-49c9-b593-d223f7449a82
2020-06-20 23:54:32 +00:00 · 2020-06-20 23:54:32 +00:00 · 0c1a49c728
commit 0c1a49c728
parent 8909a914c7
1 changed files with 12 additions and 1 deletions
--- a/src/wp-includes/rest-api/class-wp-rest-server.php
+++ b/src/wp-includes/rest-api/class-wp-rest-server.php
@ -243,7 +243,18 @@ class WP_REST_Server {
 		 * https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
 		 */
 		$this->send_header( 'X-Content-Type-Options', 'nosniff' );
-		$this->send_header( 'Access-Control-Expose-Headers', 'X-WP-Total, X-WP-TotalPages' );
+		$expose_headers = array( 'X-WP-Total', 'X-WP-TotalPages', 'Link' );
+
+		/**
+		 * Filters the list of response headers that are exposed to CORS requests.
+		 *
+		 * @since 5.5.0
+		 *
+		 * @param string[] $expose_headers The list of headers to expose.
+		 */
+		$expose_headers = apply_filters( 'rest_exposed_cors_headers', $expose_headers );
+
+		$this->send_header( 'Access-Control-Expose-Headers', implode( ', ', $expose_headers ) );
 		$this->send_header( 'Access-Control-Allow-Headers', 'Authorization, Content-Type' );

 		/**