REST API: Include X-Robots-Tag: noindex header in REST API responses to prevent endpoints from being indexed by search engines.

Prevent duplicate content issues with search engines and REST API endpoint response data. Fixes #36390. Props m_uysl for the initial patch. git-svn-id: https://develop.svn.wordpress.org/trunk@37726 602fd350-edb4-49c9-b593-d223f7449a82
2016-06-16 14:58:28 +00:00 · 2016-06-16 14:58:28 +00:00 · 7a4e523b5e
parent f50f50cd0b
commit 7a4e523b5e
2 changed files with 10 additions and 0 deletions
--- a/src/wp-includes/rest-api/class-wp-rest-server.php
+++ b/src/wp-includes/rest-api/class-wp-rest-server.php
@ -226,6 +226,7 @@ class WP_REST_Server {
 	public function serve_request( $path = null ) {
 		$content_type = isset( $_GET['_jsonp'] ) ? 'application/javascript' : 'application/json';
 		$this->send_header( 'Content-Type', $content_type . '; charset=' . get_option( 'blog_charset' ) );
+		$this->send_header( 'X-Robots-Tag', 'noindex' );

 		/*
 		 * Mitigate possible JSONP Flash attacks.
--- a/tests/phpunit/tests/rest-api/rest-server.php
+++ b/tests/phpunit/tests/rest-api/rest-server.php
@ -717,6 +717,15 @@ class Tests_REST_Server extends WP_Test_REST_TestCase {
 		$this->assertContains( 'test/another', $namespaces );
 	}

+	public function test_x_robot_tag_header_on_requests() {
+		$request = new WP_REST_Request( 'GET', '/', array() );
+
+		$result = $this->server->serve_request('/');
+		$headers = $this->server->sent_headers;
+
+		$this->assertEquals( 'noindex', $headers['X-Robots-Tag'] );
+	}
+
 	public function test_nocache_headers_on_authenticated_requests() {
 		$editor = self::factory()->user->create( array( 'role' => 'editor' ) );
 		$request = new WP_REST_Request( 'GET', '/', array() );