Making WordPress.org

Opened 9 years ago

Closed 9 years ago

#1522 closed enhancement (worksforme)

Add `Access-Control-Allow-Origin` header to api.wordpress.org

Reported by: dvankooten's profile DvanKooten Owned by:
Milestone: Priority: normal
Component: API Keywords:
Cc:

Description

It would be super helpful if api.wordpress.org would explicitly send a Access-Control-Allow-Origin header so that it accepts client-side requests without having to be proxied through a server.

header( 'Access-Control-Allow-Origin: *' );  

Example use case

I wanted to show a chart with a breakdown of PHP versions running WordPress on a GitHub pages (Jekyll) site. Right now, this requires the call to https://api.wordpress.org/ to be proxied through a server somewhere since the default is to disallow client-side requests from other origins / hosts.

Change History (1)

#1 @Otto42
9 years ago

  • Resolution set to worksforme
  • Status changed from new to closed

Generally speaking, we'd prefer that you did not make client side requests to the API server. Those servers get a lot of traffic and adding more is not something we wish to support at this time.

For those cases where we do allow the data to be used client side, we have added JSONP support, which will allow you to make such a request from the browser without having to adjust the headers or running into cross-domain restrictions.

For example, the PHP version numbers are available using JSONP like so:

https://api.wordpress.org/stats/php/1.0/?callback=example

With jQuery, getting this data would look like so:

jQuery.getJSON('//api.wordpress.org/stats/php/1.0/?callback=?', function (data) {
	// data contains the data
});
Note: See TracTickets for help on using tickets.