REST API: Send a Vary: Origin header on GET requests.

Add this header on all GET requests to prevent cached requests. Props darthhexx, davidbinda, nickdaugherty, whyisjake. Built from https://develop.svn.wordpress.org/trunk@46478 git-svn-id: http://core.svn.wordpress.org/trunk@46276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-27 14:53:08 +02:00 · 2019-10-14 15:43:04 +00:00 · 2019-10-14 15:43:04 +00:00 · b224c251ad
commit b224c251ad
parent b183fd1cca
2 changed files with 3 additions and 1 deletions
--- a/wp-includes/rest-api.php
+++ b/wp-includes/rest-api.php
@ -589,6 +589,8 @@ function rest_send_cors_headers( $value ) {
 		header( 'Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE' );
 		header( 'Access-Control-Allow-Credentials: true' );
 		header( 'Vary: Origin' );
+	} else if ( 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
+		header( 'Vary: Origin' );
 	}

 	return $value;
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.3-beta3-46477';
+$wp_version = '5.3-beta3-46478';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.