Opened 9 years ago
Closed 9 years ago
#1522 closed enhancement (worksforme)
Add `Access-Control-Allow-Origin` header to api.wordpress.org
Reported by: | DvanKooten | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | API | Keywords: | |
Cc: |
Description
It would be super helpful if api.wordpress.org would explicitly send a Access-Control-Allow-Origin
header so that it accepts client-side requests without having to be proxied through a server.
header( 'Access-Control-Allow-Origin: *' );
Example use case
I wanted to show a chart with a breakdown of PHP versions running WordPress on a GitHub pages (Jekyll) site. Right now, this requires the call to https://api.wordpress.org/ to be proxied through a server somewhere since the default is to disallow client-side requests from other origins / hosts.
Note: See
TracTickets for help on using
tickets.
Generally speaking, we'd prefer that you did not make client side requests to the API server. Those servers get a lot of traffic and adding more is not something we wish to support at this time.
For those cases where we do allow the data to be used client side, we have added JSONP support, which will allow you to make such a request from the browser without having to adjust the headers or running into cross-domain restrictions.
For example, the PHP version numbers are available using JSONP like so:
https://api.wordpress.org/stats/php/1.0/?callback=example
With jQuery, getting this data would look like so: