rest_send_cors_headers() WordPress Function

The rest_send_cors_headers() function sends CORS headers to allow cross-origin requests from specified domains. This function should be called before any other output is sent, so that the headers can be sent before any content.

rest_send_cors_headers( mixed $value ) #

Sends Cross-Origin Resource Sharing headers with API requests.

Contents

Parameters

$value

(mixed)(Required)Response data.

Top ↑

Return

(mixed) Response data.

Top ↑

Source

File: wp-includes/rest-api.php

function rest_send_cors_headers( $value ) {
	$origin = get_http_origin();

	if ( $origin ) {
		// Requests from file:// and data: URLs send "Origin: null".
		if ( 'null' !== $origin ) {
			$origin = esc_url_raw( $origin );
		}
		header( 'Access-Control-Allow-Origin: ' . $origin );
		header( 'Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE' );
		header( 'Access-Control-Allow-Credentials: true' );
		header( 'Vary: Origin', false );
	} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
		header( 'Vary: Origin', false );
	}

	return $value;
}

Expand full source codeCollapse full source codeView on TracView on GitHub

Top ↑

Top ↑

Changelog

Changelog
VersionDescription
4.4.0Introduced.
Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by theĀ Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.

Show More