[wp-trac] [WordPress Trac] #41696: Content-Disposition header is blocked by CORS
WordPress Trac
noreply at wordpress.org
Sun Jul 12 19:36:18 UTC 2020
#41696: Content-Disposition header is blocked by CORS
--------------------------+--------------------------------
Reporter: rmccue | Owner: TimothyBlynJacobs
Type: defect (bug) | Status: closed
Priority: low | Milestone: 5.5
Component: REST API | Version: 4.7
Severity: minor | Resolution: fixed
Keywords: has-patch | Focuses:
--------------------------+--------------------------------
Changes (by TimothyBlynJacobs):
* owner: (none) => TimothyBlynJacobs
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"48452" 48452]:
{{{
#!CommitTicketReference repository="" revision="48452"
REST API: Add Content-Disposition, Content-MD5 and X-WP-Nonce as allowed
cors headers.
The Content-Disposition and Content-MD5 headers allow for easier file
uploading across domains by using a File/Blob object directly. The X-WP-
Nonce header is allowed for making cross-origin and same-origin
authenticated requests consistent.
Additionally a filter is introduced, "rest_allowed_cors_headers", to
simplify the process of allowing additional request headers.
Props rmccue, TimothyBlynJacobs.
Fixes #41696.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41696#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list