api->server->send_status( 400 ); return wp_json_encode( array( array( 'code' => 'woocommerce_api_jsonp_disabled', 'message' => __( 'JSONP support is disabled on this site', 'woocommerce' ) ) ) ); } $jsonp_callback = $_GET['_jsonp']; if ( ! wp_check_jsonp_callback( $jsonp_callback ) ) { WC()->api->server->send_status( 400 ); return wp_json_encode( array( array( 'code' => 'woocommerce_api_jsonp_callback_invalid', __( 'The JSONP callback function is invalid', 'woocommerce' ) ) ) ); } WC()->api->server->header( 'X-Content-Type-Options', 'nosniff' ); // Prepend '/**/' to mitigate possible JSONP Flash attacks. // https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ return '/**/' . $jsonp_callback . '(' . wp_json_encode( $data ) . ')'; } return wp_json_encode( $data ); } }