REST API: Add "Link" to the list of exposed cors headers.

Currently, only the X-WP-Total and X-WP-TotalPages headers are exposed which means that clients have to manually construct the URL to implement pagination instead of using the "prev" and "next" Links.

Additionally, a filter "rest_exposed_cors_headers" is introduced to make it simpler for plugins to expose additional headers.

Props Toro_Unit, ayeshrajans.
Fixes #50369.


git-svn-id: https://develop.svn.wordpress.org/trunk@48112 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Timothy Jacobs 2020-06-20 23:54:32 +00:00
parent 8909a914c7
commit 0c1a49c728

View File

@ -243,7 +243,18 @@ class WP_REST_Server {
* https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ * https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
*/ */
$this->send_header( 'X-Content-Type-Options', 'nosniff' ); $this->send_header( 'X-Content-Type-Options', 'nosniff' );
$this->send_header( 'Access-Control-Expose-Headers', 'X-WP-Total, X-WP-TotalPages' ); $expose_headers = array( 'X-WP-Total', 'X-WP-TotalPages', 'Link' );
/**
* Filters the list of response headers that are exposed to CORS requests.
*
* @since 5.5.0
*
* @param string[] $expose_headers The list of headers to expose.
*/
$expose_headers = apply_filters( 'rest_exposed_cors_headers', $expose_headers );
$this->send_header( 'Access-Control-Expose-Headers', implode( ', ', $expose_headers ) );
$this->send_header( 'Access-Control-Allow-Headers', 'Authorization, Content-Type' ); $this->send_header( 'Access-Control-Allow-Headers', 'Authorization, Content-Type' );
/** /**