OPTIONS requests to REST API should return Allow header.

An OPTIONS request was incorrectly returning an "Accept" header which
was a typo of "Allow". This meant Accept was showing "GET, POST" for example,
however it was also not running the permission checks on the endpoints.

Instead, the correct route needs to be set on the request object, which means
the normal handling for the Allow header will kick in. This technically
breaks backwards compatibility, however given the value of Accept was also wrong
then this should not be an issue.

Fixes #35975.

Built from https://develop.svn.wordpress.org/trunk@36829


git-svn-id: http://core.svn.wordpress.org/trunk@36796 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/rest-api.php

@@ -431,10 +431,9 @@ function rest_handle_options_request( $response, $handler, $request ) {
 		}
 
 		$data = $handler->get_data_for_route( $route, $endpoints, 'help' );
-		$accept = array_merge( $accept, $data['methods'] );
+		$response->set_matched_route( $route );
 		break;
 	}
-	$response->header( 'Accept', implode( ', ', $accept ) );
 
 	$response->set_data( $data );
 	return $response;

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.5-beta2-36828';
+$wp_version = '4.5-beta2-36829';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.