#57752 closed enhancement (fixed)
Improve rest_(allowed|exposed)_cors_headers filters
| Reported by: |
bor0
|
Owned by: |
kadamwhite
|
|---|---|---|---|
| Milestone: | 6.3 | Priority: | normal |
| Severity: | normal | Version: | 6.2 |
| Component: | REST API | Keywords: | has-patch has-unit-tests commit add-to-field-guide |
| Focuses: | rest-api | Cc: |
Description
In a use case where there are multiple REST endpoints, but we only want to expose specific headers for specific endpoints, the filters rest_allowed_cors_headers and rest_exposed_cors_headers do not have any request in context and are quite limited in that regard.
It would've been ideal if we could write our code as such:
add_filter( 'rest_exposed_cors_headers', function( $headers, $request ) {
if ( '/foo/bar' === $request->get_route() ) {
$headers[] = 'X-RateLimit-Limit';
}
return $headers;
}, 10, 2 );
Attachments (1)
Change History (19)
@
#4
@
18 months ago
- Keywords reporter-feedback added
- Owner set to rachelbaker
- Status changed from new to accepted
#5
@
18 months ago
- Keywords reporter-feedback removed
Hi @rachelbaker,
We could certainly do the following:
add_filter( 'rest_post_dispatch', function( $result, $server, $request ) {
$server->send_header( 'Access-Control-Allow-Headers', 'X-RateLimit-Limit' );
return $result;
}, 10, 3 );
But the problem is that this will overwrite the existing headers set by WordPress WP_REST_Server::serve_request.
In addition, we cannot get the existing headers from $server as the function send_header merely wraps the header function and doesn't store these results anywhere, so we end up having to copy-paste:
add_filter( 'rest_post_dispatch', function( $result, $server, $request ) {
$allow_headers = array(
'Authorization',
'X-WP-Nonce',
'Content-Disposition',
'Content-MD5',
'Content-Type',
);
$allow_headers[] = 'X-RateLimit-Limit';
$this->send_header( 'Access-Control-Allow-Headers', implode( ', ', $allow_headers ) );
return $result;
}, 10, 3 );
@
This ticket was mentioned in Slack in #core by chaion07. View the logs.
14 months ago
#9
@
14 months ago
- Milestone changed from 6.3 to 6.4
Thanks @bor0 for reporting this. We reviewed this ticket during a recent bug-scrub session and based on the feedback we are updating the milestone to 6.4!
Props to @oglekler
This ticket was mentioned in Slack in #core-restapi by spacedmonkey. View the logs.
13 months ago
#11
@
13 months ago
This approach makes sense to me, given @bor0's argument above about avoiding copy-paste code. I think we should have some tests around it, though -- writing up a basic one now.
This ticket was mentioned in PR #4740 on WordPress/wordpress-develop by kadamwhite.
13 months ago
#12
- Keywords has-unit-tests added
Add unit tests to initial patch uploaded to ticket.
Trac ticket: https://core.trac.wordpress.org/ticket/57752
#13
@
13 months ago
- Focuses rest-api added
- Keywords needs-testing removed
- Owner changed from rachelbaker to spacedmonkey
- Status changed from accepted to assigned
https://github.com/WordPress/wordpress-develop/pull/4740 now contains a version of @bor0's patch with unit tests, which assert the second argument is present, is a request object, and matches the unique dispatched route. The tests were pushed first to validate in CI that the tests fail without the patch, then pass with it.
I'm comfortable moving forward with this one, though I think we're just missing the 6.3 cutoff.
@spacedmonkey assigning to you to take forward, if that's alright.
#14
@
13 months ago
- Keywords commit added
- Milestone changed from 6.4 to 6.3
- Owner changed from spacedmonkey to kadamwhite
This patch looks good to go. Marking as ready to commit and assigning to @kadamwhite
kadamwhite commented on PR #4740:
13 months ago
#16
Merged in https://core.trac.wordpress.org/changeset/56096 / 68be569925
@
@
@bor0 Would you be able to use the
rest_post_dispatchfilter for your use case?