@@ -102,16 +102,24 @@ public function rest_allowed_cors_headers( array $allow_headers ): array {
102102
103103 /**
104104 * Add Access Control Allow Headers for POS app.
105+ *
106+ * NOTE: I have seen this filter called with NULL for $served, which is not expected
105107 *
106- * @param bool $served Whether the request has already been served.
108+ * @param mixed $served Whether the request has already been served.
107109 * Default false.
108110 * @param WP_HTTP_Response $result Result to send to the client. Usually a `WP_REST_Response`.
109111 * @param WP_REST_Request $request Request used to generate the response.
110112 * @param WP_REST_Server $server Server instance.
111113 *
112114 * @return bool $served
113115 */
114- public function rest_pre_serve_request ( bool $ servedWP_HTTP_Response $ resultWP_REST_Request $ requestWP_REST_Server $ serverbool {
116+ public function rest_pre_serve_request ( $ servedWP_HTTP_Response $ resultWP_REST_Request $ requestWP_REST_Server $ serverbool {
117+ // Check if served is a boolean
118+ if ( ! is_bool ( $ served
119+ Logger::log ( "Warning: 'rest_pre_serve_request' filter received a non-boolean value for 'served'. Defaulting to 'false'. " );
120+ $ servedfalse ; // Default value if not provided correctly
121+ }
122+
115123 $ serversend_header ( 'Access-Control-Allow-Origin ' , '* ' );
116124
117125 return $ served
@@ -193,6 +201,12 @@ public function get_auth_header() {
193201 $ headersanitize_text_field ( $ _SERVER 'REDIRECT_HTTP_AUTHORIZATION ' ] );
194202 }
195203
204+ // Check for authorization param in URL
205+ // @TODO - add setting to enable this
206+ if ( ! $ headerisset ( $ _GET 'authorization ' ] ) ) {
207+ $ headersanitize_text_field ( $ _GET 'authorization ' ] );
208+ }
209+
196210 return $ header
197211 }
198212
0 commit comments