Admin Page: Domain Mapping plugins lead to CORS errors

Automattic / jetpack

Security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.

https://jetpack.com/

Other

1.59k stars 799 forks source link

Admin Page: Domain Mapping plugins lead to CORS errors #5981

Open kraftbj opened 7 years ago

kraftbj commented 7 years ago

(I thought there was an issue for this already, but search-fu failed).

When the site_url and the home_url are different, commonly with domain mapping plugins, the new admin page will often fail due to CORS errors.

For example, the wp-admin may live at http://test.example.com/wp-admin/ but the home_url (and what Core's rest_url() uses) is http://example.net/ , so the React requests to the REST API URLs are blocked due to CORS.

Rodrigoleon commented 7 years ago

360Sites.net is experiencing this bug. The site uses WPMU's Domain Mapping plugin. If a domain is mapped, Jetpack's new admin page does not load any information (stats, plugin updates, spam protection, etc). When attempting to update a setting, we get an error: "Error updating settings. TypeError: Failed to fetch".

chaselivingston commented 7 years ago

Also reported in 3209094-t

kraftbj commented 7 years ago

This may be notable in light of this: https://core.trac.wordpress.org/changeset/40600

If we can determine the user is using domain mapping, maybe we can short-circuit CORS with this once WP 4.8 is out?

stale[bot] commented 6 years ago

This issue has been marked as stale. This happened because:

It has been inactive in the past 6 months.
It hasn’t been labeled `[Pri] Blocker`, `[Pri] High`.

No further action is needed. But it's worth checking if this ticket has clear reproduction steps and it is still reproducible. Feel free to close this issue if you think it's not valid anymore — if you do, please add a brief explanation.