Skip to content

Commit

Permalink
CANTINA-913: Match protocol in CORS header
Browse files Browse the repository at this point in the history 
Only allow HTTPS origins on VIP
  • Loading branch information
@rebeccahum
rebeccahum committed Oct 23, 2023
1 parent 746f135 commit 13090b5
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions 001-core.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -164,3 +164,16 @@ function vip_prevent_invalid_core_query_args() {
}

add_action( 'wp_loaded', 'vip_prevent_invalid_core_query_args', 1 );

add_filter( 'allowed_http_origins', 'vip_only_https_origins', PHP_INT_MAX );

/**
* Only allow HTTPS origins on VIP
*
* @param array $origins
*/
function vip_only_https_origins( $origins ) {
return array_filter( $origins, function( $origin ) {
return strpos( $origin, 'https://' ) === 0;
});
}

0 comments on commit 13090b5

Please sign in to comment.