質問編集履歴
3
headerレスポンスです。
test
CHANGED
File without changes
|
test
CHANGED
@@ -142,6 +142,72 @@
|
|
142
142
|
|
143
143
|
|
144
144
|
|
145
|
+
```
|
146
|
+
|
147
|
+
Request URL: https://xxx/wp-json/wp/v2/xxx
|
148
|
+
|
149
|
+
Request Method: OPTIONS
|
150
|
+
|
151
|
+
Status Code: 401
|
152
|
+
|
153
|
+
Remote Address: xx.xx.xx.xx
|
154
|
+
|
155
|
+
Referrer Policy: no-referrer-when-downgrade
|
156
|
+
|
157
|
+
content-length: 2784
|
158
|
+
|
159
|
+
content-type: text/html
|
160
|
+
|
161
|
+
date: Sun, 23 Aug 2020 05:22:28 GMT
|
162
|
+
|
163
|
+
etag: "ae0-57776badffe36"
|
164
|
+
|
165
|
+
last-modified: Fri, 05 Oct 2018 08:05:08 GMT
|
166
|
+
|
167
|
+
server: nginx
|
168
|
+
|
169
|
+
status: 401
|
170
|
+
|
171
|
+
www-authenticate: Basic realm="Member Site"
|
172
|
+
|
173
|
+
:authority: xx.xx.xx
|
174
|
+
|
175
|
+
:method: OPTIONS
|
176
|
+
|
177
|
+
:path: /wp-json/wp/v2/xxx
|
178
|
+
|
179
|
+
:scheme: https
|
180
|
+
|
181
|
+
accept: */*
|
182
|
+
|
183
|
+
accept-encoding: gzip, deflate, br
|
184
|
+
|
185
|
+
accept-language: ja,en-US;q=0.9,en;q=0.8
|
186
|
+
|
187
|
+
access-control-request-headers: authorization
|
188
|
+
|
189
|
+
access-control-request-method: POST
|
190
|
+
|
191
|
+
cache-control: no-cache
|
192
|
+
|
193
|
+
origin: https://xxx
|
194
|
+
|
195
|
+
pragma: no-cache
|
196
|
+
|
197
|
+
referer: https://xxx
|
198
|
+
|
199
|
+
sec-fetch-dest: empty
|
200
|
+
|
201
|
+
sec-fetch-mode: cors
|
202
|
+
|
203
|
+
sec-fetch-site: cross-site
|
204
|
+
|
205
|
+
user-agent: xxx
|
206
|
+
|
207
|
+
```
|
208
|
+
|
209
|
+
|
210
|
+
|
145
211
|
function.phpやhttp.php、admin-ajax.php、.htaccessなどにもheader( 'Access-Control-Allow-Origin: *')を追加してみましたがダメでした。
|
146
212
|
|
147
213
|
ベーシック認証がかかっているとワイルドカードは使えないという情報も見たのでheader( 'Access-Control-Allow-Origin: https://****')とアドレスを指定してみましたがうまくいきません。
|
2
試したコードとその結果です
test
CHANGED
File without changes
|
test
CHANGED
@@ -68,6 +68,78 @@
|
|
68
68
|
|
69
69
|
|
70
70
|
|
71
|
+
```
|
72
|
+
|
73
|
+
[ functions.phpに追加 ]
|
74
|
+
|
75
|
+
function my_customize_rest_cors() {
|
76
|
+
|
77
|
+
remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
|
78
|
+
|
79
|
+
add_filter( 'rest_pre_serve_request', function( $value ) {
|
80
|
+
|
81
|
+
header( 'Access-Control-Allow-Origin: https://xxx' );
|
82
|
+
|
83
|
+
header( 'Access-Control-Allow-Methods: GET' );
|
84
|
+
|
85
|
+
header( 'Access-Control-Allow-Credentials: true' );
|
86
|
+
|
87
|
+
return $value;
|
88
|
+
|
89
|
+
} );
|
90
|
+
|
91
|
+
}
|
92
|
+
|
93
|
+
add_action( 'rest_api_init', 'my_customize_rest_cors', 15 );
|
94
|
+
|
95
|
+
|
96
|
+
|
97
|
+
[ 結果 ]
|
98
|
+
|
99
|
+
Access to XMLHttpRequest at 'https://xxx/wp-json/wp/v2/xxx' from origin 'https:xxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
|
100
|
+
|
101
|
+
```
|
102
|
+
|
103
|
+
|
104
|
+
|
105
|
+
```
|
106
|
+
|
107
|
+
[ admin-ajax.phpに追加 ]
|
108
|
+
|
109
|
+
header( 'Access-Control-Allow-Origin: https://xxx' );
|
110
|
+
|
111
|
+
header( 'Access-Control-Allow-Methods: GET' );
|
112
|
+
|
113
|
+
header( 'Access-Control-Allow-Credentials: true' );
|
114
|
+
|
115
|
+
|
116
|
+
|
117
|
+
[ 結果 ]
|
118
|
+
|
119
|
+
Access to XMLHttpRequest at 'https://xxx/wp-json/wp/v2/xxx' from origin 'https:xxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
|
120
|
+
|
121
|
+
```
|
122
|
+
|
123
|
+
|
124
|
+
|
125
|
+
```
|
126
|
+
|
127
|
+
[ .htaccessに追加 ]
|
128
|
+
|
129
|
+
Header set Access-Control-Allow-Origin: http://xxx
|
130
|
+
|
131
|
+
Header set Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
|
132
|
+
|
133
|
+
Header set Access-Control-Allow-Credentials: true
|
134
|
+
|
135
|
+
|
136
|
+
|
137
|
+
[ 結果 ]
|
138
|
+
|
139
|
+
Access to XMLHttpRequest at 'https://xxx/wp-json/wp/v2/xxx' from origin 'https:xxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
|
140
|
+
|
141
|
+
```
|
142
|
+
|
71
143
|
|
72
144
|
|
73
145
|
function.phpやhttp.php、admin-ajax.php、.htaccessなどにもheader( 'Access-Control-Allow-Origin: *')を追加してみましたがダメでした。
|
1
test
CHANGED
File without changes
|
test
CHANGED
@@ -26,7 +26,7 @@
|
|
26
26
|
|
27
27
|
add_filter( 'rest_pre_serve_request', function( $value ) {
|
28
28
|
|
29
|
-
|
29
|
+
header( 'Access-Control-Allow-Origin: ' . $origin );
|
30
30
|
|
31
31
|
header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
|
32
32
|
|