dev: fix and refine request headers logic - Githubissues

AxeWP / wp-graphql-headless-login

A WordPress plugin that provides Headless login and authentication for WPGraphQL, supporting traditional passwords, OAuth2/OpenID Connect, JWT, and more.

GNU General Public License v3.0

72 stars 11 forks source link

dev: fix and refine request headers logic #46

Closed justlevine closed 1 year ago

justlevine commented 1 year ago

What

This PR refines #45 by refactoring the way the request headers are sent.

Specifically:

The Vary: Origin header is now set if there are multiple possible allowed origins for the request.
X-WPGraphQL-Login-Token is now included in Access-Control-Allow-Headers and excluded from Access-Control-Expose-Headers.
X-WPGraphQL-Login-Refresh-Token is now only included in Access-Control-Expose-Headers if a valid refresh token is returned in the response.
Why

How

Testing Instructions

Additional Info

Checklist:

[x] My code is tested to the best of my abilities.
[x] My code follows the WordPress Coding Standards.
[x] My code has proper inline documentation.
[x] I have added unit tests to verify the code works as intended.
[x] I included the relevant changes in CHANGELOG.md

coveralls commented 1 year ago

Coverage: 60.564% (+0.1%) from 60.467% when pulling d6008f21d66e55ac5f4d22bcc4be72d5c2a3f480 on justlevine:dev/access-control-fixes into 354bfb82fcb67e65131209ccc93117fdb10587df on AxeWP:develop.