From 42a430a0a95beb7876532b780f3d3d9eba417624 Mon Sep 17 00:00:00 2001
From: whyisjake <whyisjake@git.wordpress.org>
Date: Tue, 15 Oct 2019 15:54:53 +0000
Subject: [PATCH] REST API: Allow for multiple Vary: Origin headers in GET
 responses.

Simple fix, we pass false as the second parameter to the header function.

This is something that we added downstream of the 5.2.4 release, but we missed in 5.2/trunk.

Fixes #48309, see also [46544].
Props xknown, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46545


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/rest-api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wp-includes/rest-api.php b/wp-includes/rest-api.php
index 0910842b8a..c5a911c729 100644
--- a/wp-includes/rest-api.php
+++ b/wp-includes/rest-api.php
@@ -589,7 +589,7 @@ function rest_send_cors_headers( $value ) {
 		header( 'Access-Control-Allow-Credentials: true' );
 		header( 'Vary: Origin', false );
 	} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
-		header( 'Vary: Origin' );
+		header( 'Vary: Origin', false );
 	}
 
 	return $value;