You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Now, I can't say I fully understand what's going on, but that Location header "just works" again if in src/ManageTokens.php I comment out the $response->set_headers() call on line 345-355.
(Was somehow hoping that merely adding a second ("override") parameter equal to false to the $response->set_headers() call would get it to leave existing headers alone, but that doesn't seem to do much at all.)
I also noticed how just above it says, "The Access-Control-Expose-Headers aren't directly filterable for REST API responses, so this overrides them altogether."
I'm wondering if that's the case, still, as WP core seems to now set these as follows (since WP5.5, in wp-includes/rest-api/class-wp-rest-server.php):
Again, not 100% sure, but it looks like rest_exposed_cors_headers might be the filter you're looking for here. Seems it would allow one to just tack on the X-JWT-Refresh header.
The text was updated successfully, but these errors were encountered:
Probably a bit niche, but this bit of code (https://github.com/wp-graphql/wp-graphql-jwt-authentication/blob/develop/src/ManageTokens.php#L345) somehow removes the
Location
header off of certain IndieAuth responses.Well, this one response right here: https://github.com/indieweb/wordpress-indieauth/blob/trunk/includes/class-indieauth-authorization-endpoint.php#L273
Now, I can't say I fully understand what's going on, but that Location header "just works" again if in
src/ManageTokens.php
I comment out the$response->set_headers()
call on line 345-355.(Was somehow hoping that merely adding a second ("override") parameter equal to
false
to the$response->set_headers()
call would get it to leave existing headers alone, but that doesn't seem to do much at all.)I also noticed how just above it says, "The Access-Control-Expose-Headers aren't directly filterable for REST API responses, so this overrides them altogether."
I'm wondering if that's the case, still, as WP core seems to now set these as follows (since WP5.5, in
wp-includes/rest-api/class-wp-rest-server.php
):Again, not 100% sure, but it looks like
rest_exposed_cors_headers
might be the filter you're looking for here. Seems it would allow one to just tack on theX-JWT-Refresh
header.The text was updated successfully, but these errors were encountered: