sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

REST API: Include `Vary: Origin` in cors headers 

`vary: origin` is a W3 CORS implementation recommendation( https://www.w3.org/TR/cors/#resource-implementation ). It's used by default in frameworks such as hapi and Laravel-cors. Overall, it helps sites siting behind a cache such as varnish.

Fixes #38060.
Props procodewp, pdufour for research.



git-svn-id: https://develop.svn.wordpress.org/trunk@38806 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Aaron Jorbin 2016-10-17 16:10:37 +00:00
parent 9639758d1c
commit 246aa65a19
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/wp-includes/rest-api.php
View File

@ -408,6 +408,7 @@ function rest_send_cors_headers( $value ) {
header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) ); header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) );
header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' ); header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
header( 'Access-Control-Allow-Credentials: true' ); header( 'Access-Control-Allow-Credentials: true' );
header( 'Vary: Origin' );
} }
return $value; return $value;