Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow modification of accepted HTTP methods in the router #393

Closed
yoavf opened this issue Apr 12, 2016 · 6 comments
Closed

Allow modification of accepted HTTP methods in the router #393

yoavf opened this issue Apr 12, 2016 · 6 comments
Labels
[Status] In Progress Tracking issues with work in progress [Type] Enhancement A suggestion for improvement.
Milestone
2.1

Comments

@yoavf
Copy link
Member

yoavf commented Apr 12, 2016

Use case: a GP plugin that allows Cross-Origin requests. Chrome precedes this with an HTTP OPTIONS request, which is currently filtered by the whitelist of http methods.
@yoavf yoavf mentioned this issue Apr 12, 2016
Merged
@toolstack
Copy link
Contributor

Could you provide a real life example of this? Do you have a plugin in mind you want to write that requires this?

@toolstack toolstack added [Type] Enhancement A suggestion for improvement. [Status] In Progress Tracking issues with work in progress labels Apr 12, 2016
@yoavf
Copy link
Member Author

yoavf commented Apr 12, 2016

Sure - On WordPress.com (both the site itself, and all of our users sites), we run a tool called the community translator. It provides a front end interface to GlotPress. As logged in users to WordPress.com are already logged in to translate.glotpress.com (our GW install, soon to be using the plugin version) they can submit translations of WordPress.com or their theme using that tool.

( The Community Translator communicates with some custom endpoints in our GP install, see https://github.com/Automattic/gp-extended-api-plugins/blob/rewrite/translations-wordpress-plugin/gp-translation-extended-api/gp-translation-extended-api.php )

However, since some of these requests originate from different domains, we need to enable cross-site requests. To do that, we do the following:

  • Enable OPTIONS in the router (this issue/PR)
  • In a separate plugin, we add Access-Control-Allow-Origin and Access-Control-Allow-Credentials: true headers in gp_before_request, after we have verified that the request did in fact originates from one of our whitelisted domains

@toolstack
Copy link
Contributor

Thanks.

I'm not sure it would make sense to have this in core, but I could certainly see supporting a filter for the array of http methods to let a plugin alter it.

So instead of:

foreach ( array( 'get', 'post', 'head', 'put', 'delete', 'options' ) as $http_method ) {

have:

$http_methods = apply_filters( 'gp_router_http_methods', array( 'get', 'post', 'head', 'put', 'delete', 'options' ) );

            foreach ( $http_methods as $http_method ) {

@yoavf
Copy link
Member Author

yoavf commented Apr 13, 2016

@toolstack Thanks - updated the PR

@yoavf yoavf changed the title Allow router to process OPTIONS type request Allow modification of accepted HTTP methods in the router Apr 13, 2016
@ocean90 ocean90 added this to the 2.1 milestone Apr 13, 2016
@ocean90
Copy link
Member

ocean90 commented Apr 13, 2016

This will probably be superseded by #338, but since there is no progress yet I'm fine with a filter for the meantime.

@toolstack
Copy link
Contributor

The updated PR looks good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
[Status] In Progress Tracking issues with work in progress [Type] Enhancement A suggestion for improvement.
Projects
None yet
Milestone
2.1
Development

No branches or pull requests
3 participants
@ocean90 @yoavf @toolstack