sun
commented
2 months ago I'm inclined to merge this, but did not have a chance to run/test the code (and hook) yet. If someone else did, it would be helpful if you state so.
Closed lxbdr closed 2 months ago
sun
commented
2 months ago I'm inclined to merge this, but did not have a chance to run/test the code (and hook) yet. If someone else did, it would be helpful if you state so.
dominic-ks
commented
2 months ago @sun I haven't done, but am intended on going through these this week and will test all before approving any I haven't already.
dominic-ks
commented
2 months ago @sun @lxbdr Hello, I have tested the plugin with these changes, while the tests pass and the plugin works, I have found that this setup results in duplicate entries in the Access-Control-Allow-Headers header. e.g.
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type, X-Requested-With, Content-Type, Accept, Origin, Authorization, Cookie
I don't know if this has would have any ill effects but seems like we should de-dupe the list...?
WP 5.5.0 added the hook
rest_allowed_cors_headersto the core as a way to addAccess-Control-Allow-Headers. This code checks the current version and uses the hook accordingly, otherwise it uses the existing way as a fallback.