WP_Http::block_request() WordPress Method
The WP_Http::block_request() method can be used to prevent a request from being sent to a particular URL. This is useful for cases where you need to prevent requests to a certain server or domain. For example, if you are blocking requests to a particular URL, you can use this method to ensure that the request is not sent.
WP_Http::block_request( string $uri ) #
Determines whether an HTTP API request to the given URL should be blocked.
Description
Those who are behind a proxy and want to prevent access to certain hosts may do so. This will prevent plugins from working and core functionality, if you don’t include api.wordpress.org.
You block external URL requests by defining WP_HTTP_BLOCK_EXTERNAL as true in your wp-config.php file and this will only allow localhost and your site to make requests. The constant WP_ACCESSIBLE_HOSTS will allow additional hosts to go through for requests. The format of the WP_ACCESSIBLE_HOSTS constant is a comma separated list of hostnames to allow, wildcard domains are supported, eg *.wordpress.org will allow for all subdomains of wordpress.org to be contacted.
Parameters
- $uri
(string)(Required)URI of url.
Return
(bool) True to block, false to allow.
Source
File: wp-includes/class-wp-http.php
public function block_request( $uri ) {
// We don't need to block requests, because nothing is blocked.
if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) {
return false;
}
$check = parse_url( $uri );
if ( ! $check ) {
return true;
}
$home = parse_url( get_option( 'siteurl' ) );
// Don't block requests back to ourselves by default.
if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) {
/**
* Filters whether to block local HTTP API requests.
*
* A local request is one to `localhost` or to the same host as the site itself.
*
* @since 2.8.0
*
* @param bool $block Whether to block local requests. Default false.
*/
return apply_filters( 'block_local_requests', false );
}
if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) {
return true;
}
static $accessible_hosts = null;
static $wildcard_regex = array();
if ( null === $accessible_hosts ) {
$accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS );
if ( false !== strpos( WP_ACCESSIBLE_HOSTS, '*' ) ) {
$wildcard_regex = array();
foreach ( $accessible_hosts as $host ) {
$wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) );
}
$wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i';
}
}
if ( ! empty( $wildcard_regex ) ) {
return ! preg_match( $wildcard_regex, $check['host'] );
} else {
return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it.
}
}
Expand full source codeCollapse full source codeView on TracView on GitHub
Changelog
| Version | Description |
|---|---|
| 2.8.0 | Introduced. |