REST API: Allow for multiple Vary: Origin headers in GET responses.

Simple fix, we pass false as the second parameter to the header function. This is something that we added downstream of the 5.2.4 release, but we missed in 5.2/trunk. Fixes #48309, see also [46544]. Props xknown, whyisjake. Built from https://develop.svn.wordpress.org/branches/5.2@46545 git-svn-id: http://core.svn.wordpress.org/branches/5.2@46342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-22 21:04:57 +02:00 · 2019-10-15 15:54:53 +00:00 · 2019-10-15 15:54:53 +00:00 · 42a430a0a9
commit 42a430a0a9
parent d60f90873c
1 changed files with 1 additions and 1 deletions
--- a/wp-includes/rest-api.php
+++ b/wp-includes/rest-api.php
@ -589,7 +589,7 @@ function rest_send_cors_headers( $value ) {
 		header( 'Access-Control-Allow-Credentials: true' );
 		header( 'Vary: Origin', false );
 	} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
-		header( 'Vary: Origin' );
+		header( 'Vary: Origin', false );
 	}

 	return $value;