define( 'DOING_AJAX', true );
define( 'WP_ADMIN', true );
+/** Load WordPress Bootstrap */
+require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
+
+/** Allow for cross-domain requests (from the frontend). */
+send_origin_headers();
+
// Require an action parameter
if ( empty( $_REQUEST['action'] ) )
die( '0' );
-/** Load WordPress Bootstrap */
-require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
-
/** Load WordPress Administration APIs */
require_once( ABSPATH . 'wp-admin/includes/admin.php' );
@header( 'X-Robots-Tag: noindex' );
send_nosniff_header();
+nocache_headers();
do_action( 'admin_init' );
'menu-locations-save', 'menu-quick-search', 'meta-box-order', 'get-permalink',
'sample-permalink', 'inline-save', 'inline-save-tax', 'find_posts', 'widgets-order',
'save-widget', 'set-post-thumbnail', 'date_format', 'time_format', 'wp-fullscreen-save-post',
- 'wp-remove-post-lock', 'dismiss-wp-pointer', 'upload-attachment',
+ 'wp-remove-post-lock', 'dismiss-wp-pointer', 'upload-attachment', 'get-attachment',
+ 'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor',
+ 'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs',
);
// Register core Ajax calls.
if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) )
add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 );
-add_action( 'wp_ajax_nopriv_autosave', 'wp_ajax_nopriv_autosave', 1 );
+add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
if ( is_user_logged_in() )
do_action( 'wp_ajax_' . $_REQUEST['action'] ); // Authenticated actions