WordPress REST API and CORS

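[Image: AMP plugin CORS 1]
The AMP pages of "がとらぼ" use amp-list together with WordPress's standard REST API to display a "Recent Posts" list, but at some point that list stopped being displayed on Google's AMP cache pages. (The area inside the red dashed rectangle in the image above is blank.)
On the local server the AMP pages display correctly, so the mechanism itself should be right. CORS should also already be taken care of (everything allowed), so why?
(Over the past half year or so I have fiddled so much with the Nginx HTTP server configuration and the theme's functions.php that I no longer remember well what I changed or how.)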

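[Image: AMP plugin CORS 2]
I checked the error in the Chrome browser's developer tools.
It points at the value of the Access-Control-Allow-Origin header. The complaint is that two values are specified: https://gato-intaa-net.cdn.ampproject.org and *.
I did specify "*" (all domains) myself, but I have no memory of specifying multiple values like this. For that matter, why is the Google AMP cache host being specified without my asking?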

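The Google AMP cache for "がとらぼ" has the host name (origin) gato-intaa-net.cdn.ampproject.org, so to reproduce what happens when that AMP cache page is viewed, I fetch the "Recent Posts" JSON of "がとらぼ" through the REST API with that origin specified. (Below.)
Note that for checking CORS, frankly any origin will do as long as it is not the original host.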

$ curl 'https://gato.intaa.net/wp-json/wp/v2/posts?__amp_source_origin=https%3A%2F%2Fgato.intaa.net' -I -H 'origin: https://gato-intaa-net.cdn.ampproject.org'
HTTP/2 200 
server: nginx
date: Tue, 12 Feb 2019 01:32:48 GMT
content-type: application/json; charset=UTF-8
amp-access-control-allow-source-origin: https://gato.intaa.net
x-robots-tag: noindex
x-content-type-options: nosniff
access-control-expose-headers: X-WP-Total, X-WP-TotalPages
access-control-allow-headers: Authorization, Content-Type
x-wp-total: 573
x-wp-totalpages: 58
link: <https://gato.intaa.net/wp-json/wp/v2/posts?page=2>; rel="next"
allow: GET
access-control-allow-origin: https://gato-intaa-net.cdn.ampproject.org
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-credentials: true
vary: Origin
strict-transport-security: max-age=31536000;
access-control-allow-origin: *
x-content-type-options: nosniff always
content-security-policy: default-src * 'self' data: 'unsafe-inline' 'unsafe-eval';

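For some reason the access-control-allow-origin header is output twice. The * line is the one I originally had Nginx output; I don't know where the https://gato-intaa-net.cdn.ampproject.org line comes from.
In other words, an Access-Control-Allow-Origin header is being output without my having configured it.
Also, whatever origin is specified, that value ends up in the Access-Control-Allow-Origin header, so in Nginx terms it appears to be the same as add_header Access-Control-Allow-Origin "$http_origin";.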

After looking into it, it seems that using the REST API built into recent WordPress adds about three lines of HTTP response headers on its own.

access-control-allow-origin: https://(host that called the REST API, variable)
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-credentials: true

Hmm. This is probably meant as a kindness so that you don't run into CORS trouble when using the REST API, but don't do things on your own!

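Incidentally, when I looked at the AMP plugin's source, includes/class-amp-http.php had also gained processing that attaches HTTP response headers (since v1.0?). I haven't yet worked out what triggers those headers, but the day may come when I think "don't do things on your own!" once more.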

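When this Access-Control-Allow-Origin header is additionally output on its own (B), it is evaluated in combination with the same header that is output separately (A), as (A and B), so the nasty result seems to be that neither of the specified values ends up being allowed.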

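Having no other choice, I tried disabling the add_header access-control-allow-origin '*'; that I had specified in the Nginx configuration. To be honest, "がとらぼ" has removed various things and its resources should not be shared with (referenced from) outside sites anyway, so there was no longer any need to attach the access-control-allow-origin header.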

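If your situation is "no, no, we do serve resources to others, so we want the HTTP server to always emit the access-control-allow-origin header", then overriding the handling of the HTTP response headers emitted by WordPress's REST API looks like the way to go.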

Append this to, for example, the end of functions.php in the theme in use:
// Override the REST API's control of HTTP response headers
add_action( 'rest_api_init', function() {
    remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
    add_filter( 'rest_pre_serve_request', function( $value ) {
        //header( 'Access-Control-Allow-Origin: ' . $origin );
        header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
        header( 'Access-Control-Allow-Credentials: true' );
        return $value;
    });
}, 15 );

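Uncommenting line 5 (the commented-out Access-Control-Allow-Origin header) should give the same behavior as the original. (In that case the code above should not be needed at all, though.) Note that $origin is not defined inside this closure, so it would first have to be set, for example with WordPress's get_http_origin().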

$ curl 'https://gato.intaa.net/wp-json/wp/v2/posts?__amp_source_origin=https%3A%2F%2Fgato.intaa.net' -I -H 'origin: https://gato-intaa-net.cdn.ampproject.org'
HTTP/2 200 
server: nginx
date: Tue, 12 Feb 2019 01:41:05 GMT
content-type: application/json; charset=UTF-8
amp-access-control-allow-source-origin: https://gato.intaa.net
x-robots-tag: noindex
x-content-type-options: nosniff
access-control-expose-headers: X-WP-Total, X-WP-TotalPages
access-control-allow-headers: Authorization, Content-Type
x-wp-total: 573
x-wp-totalpages: 58
link: <https://gato.intaa.net/wp-json/wp/v2/posts?page=2>; rel="next"
allow: GET
access-control-allow-origin: https://gato-intaa-net.cdn.ampproject.org
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-credentials: true
vary: Origin
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff always
content-security-policy: default-src * 'self' data: 'unsafe-inline' 'unsafe-eval';

The access-control-allow-origin header is now down to a single line.
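The check done by eye on the two curl outputs above can be scripted. The following is an added example, not code from the original post: a shell function that reads `curl -I` output and reports duplicate Access-Control-Allow-Origin headers and related conditions. The function name `audit_cors` and the finding labels are assumptions, and the sample headers are abridged from the two outputs above.

```shell
#!/bin/sh
# Added example: audit `curl -I` output for conflicting CORS headers.
# Usage: curl -sI -H "origin: $o" "$url" | audit_cors "$o"
audit_cors() {
    tr -d '\r' | awk -v origin="$1" '
    {   # header names are case-insensitive; split on the first colon only
        i = index($0, ":"); if (i == 0) next
        name = tolower(substr($0, 1, i - 1)); value = substr($0, i + 1)
        sub(/^[ \t]+/, "", value); sub(/[ \t]+$/, "", value)
    }
    name == "access-control-allow-origin"      { acao[++n] = value }
    name == "access-control-allow-credentials" { creds = (tolower(value) == "true") }
    name == "vary" && tolower(value) ~ /(^|,)[ \t]*origin[ \t]*(,|$)/ { vary = 1 }
    END {
        # More than one ACAO header: the browser rejects the response.
        if (n > 1) print "DUPLICATE_ACAO count=" n
        for (k = 1; k <= n; k++) {
            # "*" is not honoured for credentialed requests.
            if (acao[k] == "*" && creds) print "WILDCARD_WITH_CREDENTIALS"
            # The probe origin came back verbatim with credentials allowed;
            # review whether that origin is one the site means to trust.
            if (acao[k] == origin && creds) print "ECHOED_ORIGIN_WITH_CREDENTIALS " acao[k]
            # A per-origin value must be keyed on Origin in caches.
            if (acao[k] != "*" && !vary) print "MISSING_VARY_ORIGIN"
        }
    }'
}

# Sample input: headers abridged from the two curl outputs above.
ORIGIN='https://gato-intaa-net.cdn.ampproject.org'
BEFORE="HTTP/2 200
access-control-allow-origin: $ORIGIN
access-control-allow-credentials: true
vary: Origin
access-control-allow-origin: *"
AFTER="HTTP/2 200
access-control-allow-origin: $ORIGIN
access-control-allow-credentials: true
vary: Origin"

echo "before:"; printf '%s\n' "$BEFORE" | audit_cors "$ORIGIN"
echo "after:";  printf '%s\n' "$AFTER"  | audit_cors "$ORIGIN"
```

The echoed-origin finding remains after the Nginx header is removed because, as noted above, the REST API returns whatever origin the request sent.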

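[Image: AMP plugin CORS 3]
The "Latest Posts" list itself is not part of the AMP cache (that is the whole point of using amp-list + the REST API), so the result can be checked right away without waiting for the AMP page to be re-cached. The list now displays without problems.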

The fix was simple, but CORS is a hassle and you can't let your guard down.