Title: oyvindwe's Replies | WordPress.org

---

# oyvindwe

  [  ](https://wordpress.org/support/users/oyvindwe/)

 *   [Profile](https://wordpress.org/support/users/oyvindwe/)
 *   [Topics Started](https://wordpress.org/support/users/oyvindwe/topics/)
 *   [Replies Created](https://wordpress.org/support/users/oyvindwe/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/oyvindwe/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/oyvindwe/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/oyvindwe/engagements/)
 *   [Favorites](https://wordpress.org/support/users/oyvindwe/favorites/)

 Search replies:

## Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Enable CORS] No support for PATCH](https://wordpress.org/support/topic/no-support-for-patch/)
 *  Thread Starter [oyvindwe](https://wordpress.org/support/users/oyvindwe/)
 * (@oyvindwe)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/no-support-for-patch/#post-17348840)
 * My main goal is to be able to restrict `Access-Control-Allow-Origin` for `/wp-
   json` and keep the other headers as is. This requires a plugin, and this one 
   looks very nice, so I would be very happy to use it instead of writing my own.
 * Without this installed plugin, I get this header (as posted above) for `/wp-json`:
 *     ```wp-block-code
       access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
       ```
   
 * I would like to retain the value. I actually don’t know if PATCH is in use or
   not, I’m not that familiar with the WordPress REST API.
 * > It is only available on the Subversion repository.
   > **_“No support for PATCH.”_**
   > At this moment, most users of this plugin are utilizing it for GET, POST, and
   > OPTIONS methods. If any 5 user, like yourself, opens or adds a thread to enable
   > the PATCH method, I will include that in the next update.
 * OK – I tried to add “PATCH” to both the Javascript and PHP files, but I wasn’t
   able to make it appear in the admin UI.
 * > **_“Commas should be followed by a space (” “).”_**
   > If you could explain or add a relevant resource link discussing the pros and
   > cons of this, I would be grateful to you.
 * Space is optional according to the spec, but improves readability. The plugin
   actually uses spaces in `Access-Control-Allow-Headers`
 * > `Access-Control-Allow-Methods = #[method](https://httpwg.org/specs/rfc9110.html#method.overview)`
   > `
   > Access-Control-Allow-Headers = #[field-name](https://httpwg.org/specs/rfc9110.html#fields.names)`
   >  [https://fetch.spec.whatwg.org/#http-new-header-syntax](https://fetch.spec.whatwg.org/#http-new-header-syntax)
 * > #rule
   > A construct “#” is defined, similar to “*”, for defining lists of elements.
   > The full form is “<n>#<m>element” indicating at least <n> and at most <m> elements,
   > each separated by one or more commas (“,”) and OPTIONAL linear white space (
   > LWS).
   >  [https://datatracker.ietf.org/doc/html/rfc2616#section-2.1](https://datatracker.ietf.org/doc/html/rfc2616#section-2.1)
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Enable CORS] No support for PATCH](https://wordpress.org/support/topic/no-support-for-patch/)
 *  Thread Starter [oyvindwe](https://wordpress.org/support/users/oyvindwe/)
 * (@oyvindwe)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/no-support-for-patch/#post-17347361)
 * I can try to make a PR. Is there a git repo for the plugin code, or is it only
   available on the Subversion repo?
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Enable CORS] Wrong value for access-control-allow-credentials](https://wordpress.org/support/topic/wrong-value-for-access-control-allow-credentials/)
 *  Thread Starter [oyvindwe](https://wordpress.org/support/users/oyvindwe/)
 * (@oyvindwe)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/wrong-value-for-access-control-allow-credentials/#post-17347247)
 * Thank you very much! I didn’t check the RFC, only MDN, which claims that the 
   only allowed value is `true` (case sensitive): [https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials#directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials#directives)

Viewing 3 replies - 1 through 3 (of 3 total)