site_iri: comparison web/wp-includes/http.php

equal deleted inserted replaced

-:f507feede89a
+:09a1c134465b
 * @since 2.7.0
 * @access private
 *
 * @return WP_Http HTTP Transport object.
 */
-function &_wp_http_get_object() {
+function _wp_http_get_object() {
 	static $http;
 	if ( is_null($http) )
 		$http = new WP_Http();
 /**
 * Send Access-Control-Allow-Origin and related headers if the current request
 * is from an allowed origin.
 *
+* If the request is an OPTIONS request, the script exits with either access
+* control headers sent, or a 403 response if the origin is not allowed. For
+* other request methods, you will receive a return value.
+*
 * @since 3.4.0
 *
 * @return bool|string Returns the origin URL if headers are sent. Returns false
 * if headers are not sent.
 */
 function send_origin_headers() {
 	$origin = get_http_origin();
-	if ( ! is_allowed_http_origin( $origin ) )
-		return false;
+	if ( is_allowed_http_origin( $origin ) ) {
+		@header( 'Access-Control-Allow-Origin: ' .  $origin );
-	@header( 'Access-Control-Allow-Origin: ' .  $origin );
+		@header( 'Access-Control-Allow-Credentials: true' );
-	@header( 'Access-Control-Allow-Credentials: true' );
+		if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] )
+			exit;
-	return $origin;
+		return $origin;
-}
+	}
+	if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
+		status_header( 403 );
+		exit;
+	}
+	return false;
+}

changeset 204	09a1c134465b
parent 194	32102edaa81b