質問編集履歴

3

headerレスポンスです。

2020/08/23 05:42

投稿

退会済みユーザー
test CHANGED
File without changes
test CHANGED
@@ -142,6 +142,72 @@
142
142
 
143
143
 
144
144
 
145
+ ```
146
+
147
+ Request URL: https://xxx/wp-json/wp/v2/xxx
148
+
149
+ Request Method: OPTIONS
150
+
151
+ Status Code: 401
152
+
153
+ Remote Address: xx.xx.xx.xx
154
+
155
+ Referrer Policy: no-referrer-when-downgrade
156
+
157
+ content-length: 2784
158
+
159
+ content-type: text/html
160
+
161
+ date: Sun, 23 Aug 2020 05:22:28 GMT
162
+
163
+ etag: "ae0-57776badffe36"
164
+
165
+ last-modified: Fri, 05 Oct 2018 08:05:08 GMT
166
+
167
+ server: nginx
168
+
169
+ status: 401
170
+
171
+ www-authenticate: Basic realm="Member Site"
172
+
173
+ :authority: xx.xx.xx
174
+
175
+ :method: OPTIONS
176
+
177
+ :path: /wp-json/wp/v2/xxx
178
+
179
+ :scheme: https
180
+
181
+ accept: */*
182
+
183
+ accept-encoding: gzip, deflate, br
184
+
185
+ accept-language: ja,en-US;q=0.9,en;q=0.8
186
+
187
+ access-control-request-headers: authorization
188
+
189
+ access-control-request-method: POST
190
+
191
+ cache-control: no-cache
192
+
193
+ origin: https://xxx
194
+
195
+ pragma: no-cache
196
+
197
+ referer: https://xxx
198
+
199
+ sec-fetch-dest: empty
200
+
201
+ sec-fetch-mode: cors
202
+
203
+ sec-fetch-site: cross-site
204
+
205
+ user-agent: xxx
206
+
207
+ ```
208
+
209
+
210
+
145
211
  function.phpやhttp.php、admin-ajax.php、.htaccessなどにもheader( 'Access-Control-Allow-Origin: *')を追加してみましたがダメでした。
146
212
 
147
213
  ベーシック認証がかかっているとワイルドカードは使えないという情報も見たのでheader( 'Access-Control-Allow-Origin: https://****')とアドレスを指定してみましたがうまくいきません。

2

試したコードとその結果です

2020/08/23 05:42

投稿

退会済みユーザー
test CHANGED
File without changes
test CHANGED
@@ -68,6 +68,78 @@
68
68
 
69
69
 
70
70
 
71
+ ```
72
+
73
+ [ functions.phpに追加 ]
74
+
75
+ function my_customize_rest_cors() {
76
+
77
+ remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
78
+
79
+ add_filter( 'rest_pre_serve_request', function( $value ) {
80
+
81
+ header( 'Access-Control-Allow-Origin: https://xxx' );
82
+
83
+ header( 'Access-Control-Allow-Methods: GET' );
84
+
85
+ header( 'Access-Control-Allow-Credentials: true' );
86
+
87
+ return $value;
88
+
89
+ } );
90
+
91
+ }
92
+
93
+ add_action( 'rest_api_init', 'my_customize_rest_cors', 15 );
94
+
95
+
96
+
97
+ [ 結果 ]
98
+
99
+ Access to XMLHttpRequest at 'https://xxx/wp-json/wp/v2/xxx' from origin 'https:xxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
100
+
101
+ ```
102
+
103
+
104
+
105
+ ```
106
+
107
+ [ admin-ajax.phpに追加 ]
108
+
109
+ header( 'Access-Control-Allow-Origin: https://xxx' );
110
+
111
+ header( 'Access-Control-Allow-Methods: GET' );
112
+
113
+ header( 'Access-Control-Allow-Credentials: true' );
114
+
115
+
116
+
117
+ [ 結果 ]
118
+
119
+ Access to XMLHttpRequest at 'https://xxx/wp-json/wp/v2/xxx' from origin 'https:xxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
120
+
121
+ ```
122
+
123
+
124
+
125
+ ```
126
+
127
+ [ .htaccessに追加 ]
128
+
129
+ Header set Access-Control-Allow-Origin: http://xxx
130
+
131
+ Header set Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
132
+
133
+ Header set Access-Control-Allow-Credentials: true
134
+
135
+
136
+
137
+ [ 結果 ]
138
+
139
+ Access to XMLHttpRequest at 'https://xxx/wp-json/wp/v2/xxx' from origin 'https:xxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
140
+
141
+ ```
142
+
71
143
 
72
144
 
73
145
  function.phpやhttp.php、admin-ajax.php、.htaccessなどにもheader( 'Access-Control-Allow-Origin: *')を追加してみましたがダメでした。

1

2020/08/23 05:36

投稿

退会済みユーザー
test CHANGED
File without changes
test CHANGED
@@ -26,7 +26,7 @@
26
26
 
27
27
  add_filter( 'rest_pre_serve_request', function( $value ) {
28
28
 
29
- //header( 'Access-Control-Allow-Origin: ' . $origin );
29
+ header( 'Access-Control-Allow-Origin: ' . $origin );
30
30
 
31
31
  header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
32
32