sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

REST API: Ensure "Allow" header is returned for OPTIONS requests.

Browse Source 
This changeset ensures `$request->set_url_params()` is called while fulfilling OPTIONS requests, where previously it was skipped because OPTIONS requests short-circuit the logic in `dispatch` which handles this setup for other request methods. Omitting the URL parameters prevented the Allow header from being set.

Props killua99, noisysocks.
Fixes #45753.


git-svn-id: https://develop.svn.wordpress.org/trunk@44933 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
K. Adam White 2019-03-19 03:21:28 +00:00
parent c62eab00a7
commit 58aad3837f
3 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/wp-includes/rest-api.php
View File

@ -615,12 +615,27 @@ function rest_handle_options_request( $response, $handler, $request ) {
$data = array(); $data = array();
foreach ( $handler->get_routes() as $route => $endpoints ) { foreach ( $handler->get_routes() as $route => $endpoints ) {
$match = preg_match( '@^' . $route . '$@i', $request->get_route() ); $match = preg_match( '@^' . $route . '$@i', $request->get_route(), $matches );
if ( ! $match ) { if ( ! $match ) {
continue; continue;
} }
$args = array();
foreach ( $matches as $param => $value ) {
if ( ! is_int( $param ) ) {
$args[ $param ] = $value;
}
}
foreach ( $endpoints as $endpoint ) {
// Remove the redundant preg_match argument.
unset( $args[0] );
$request->set_url_params( $args );
$request->set_attributes( $endpoint );
}
$data = $handler->get_data_for_route( $route, $endpoints, 'help' ); $data = $handler->get_data_for_route( $route, $endpoints, 'help' );
$response->set_matched_route( $route ); $response->set_matched_route( $route );
break; break;

30
tests/phpunit/tests/rest-api/rest-attachments-controller.php
View File

@ -208,6 +208,36 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
$this->assertEquals( array( 'context', 'id' ), $keys ); $this->assertEquals( array( 'context', 'id' ), $keys );
} }
/**
* @ticket 43701
*/
public function test_allow_header_sent_on_options_request() {
$id1 = $this->factory->attachment->create_object(
$this->test_file,
0,
array(
'post_mime_type' => 'image/jpeg',
'post_excerpt' => 'A sample caption',
)
);
$request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/media/%d', $id1 ) );
$response = rest_get_server()->dispatch( $request );
$response = apply_filters( 'rest_post_dispatch', $response, rest_get_server(), $request );
$headers = $response->get_headers();
$this->assertNotEmpty( $headers['Allow'] );
$this->assertEquals( $headers['Allow'], 'GET' );
wp_set_current_user( self::$editor_id );
$request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/media/%d', $id1 ) );
$response = rest_get_server()->dispatch( $request );
$response = apply_filters( 'rest_post_dispatch', $response, rest_get_server(), $request );
$headers = $response->get_headers();
$this->assertNotEmpty( $headers['Allow'] );
$this->assertEquals( $headers['Allow'], 'GET, POST, PUT, PATCH, DELETE' );
}
public function test_get_items() { public function test_get_items() {
wp_set_current_user( 0 ); wp_set_current_user( 0 );
$id1 = $this->factory->attachment->create_object( $id1 = $this->factory->attachment->create_object(

22
tests/phpunit/tests/rest-api/rest-posts-controller.php
View File

@ -189,6 +189,28 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
$this->assertEquals( array( 'context', 'id', 'password' ), $keys ); $this->assertEquals( array( 'context', 'id', 'password' ), $keys );
} }
/**
* @ticket 43701
*/
public function test_allow_header_sent_on_options_request() {
$request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
$response = rest_get_server()->dispatch( $request );
$response = apply_filters( 'rest_post_dispatch', $response, rest_get_server(), $request );
$headers = $response->get_headers();
$this->assertNotEmpty( $headers['Allow'] );
$this->assertEquals( $headers['Allow'], 'GET' );
wp_set_current_user( self::$editor_id );
$request = new WP_REST_Request( 'OPTIONS', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
$response = rest_get_server()->dispatch( $request );
$response = apply_filters( 'rest_post_dispatch', $response, rest_get_server(), $request );
$headers = $response->get_headers();
$this->assertNotEmpty( $headers['Allow'] );
$this->assertEquals( $headers['Allow'], 'GET, POST, PUT, PATCH, DELETE' );
}
public function test_get_items() { public function test_get_items() {
$request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
$response = rest_get_server()->dispatch( $request ); $response = rest_get_server()->dispatch( $request );