From 7a4e523b5e7a23901934b255ad6411423354c973 Mon Sep 17 00:00:00 2001 From: Rachel Baker Date: Thu, 16 Jun 2016 14:58:28 +0000 Subject: [PATCH] REST API: Include X-Robots-Tag: noindex header in REST API responses to prevent endpoints from being indexed by search engines. Prevent duplicate content issues with search engines and REST API endpoint response data. Fixes #36390. Props m_uysl for the initial patch. git-svn-id: https://develop.svn.wordpress.org/trunk@37726 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/rest-api/class-wp-rest-server.php | 1 + tests/phpunit/tests/rest-api/rest-server.php | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/src/wp-includes/rest-api/class-wp-rest-server.php b/src/wp-includes/rest-api/class-wp-rest-server.php index 75b3388bf4..12e4086bbc 100644 --- a/src/wp-includes/rest-api/class-wp-rest-server.php +++ b/src/wp-includes/rest-api/class-wp-rest-server.php @@ -226,6 +226,7 @@ class WP_REST_Server { public function serve_request( $path = null ) { $content_type = isset( $_GET['_jsonp'] ) ? 'application/javascript' : 'application/json'; $this->send_header( 'Content-Type', $content_type . '; charset=' . get_option( 'blog_charset' ) ); + $this->send_header( 'X-Robots-Tag', 'noindex' ); /* * Mitigate possible JSONP Flash attacks. diff --git a/tests/phpunit/tests/rest-api/rest-server.php b/tests/phpunit/tests/rest-api/rest-server.php index 21fc61c7b9..8a53360157 100644 --- a/tests/phpunit/tests/rest-api/rest-server.php +++ b/tests/phpunit/tests/rest-api/rest-server.php @@ -717,6 +717,15 @@ class Tests_REST_Server extends WP_Test_REST_TestCase { $this->assertContains( 'test/another', $namespaces ); } + public function test_x_robot_tag_header_on_requests() { + $request = new WP_REST_Request( 'GET', '/', array() ); + + $result = $this->server->serve_request('/'); + $headers = $this->server->sent_headers; + + $this->assertEquals( 'noindex', $headers['X-Robots-Tag'] ); + } + public function test_nocache_headers_on_authenticated_requests() { $editor = self::factory()->user->create( array( 'role' => 'editor' ) ); $request = new WP_REST_Request( 'GET', '/', array() );