rest_allowed_cors_headers
Filters the list of request headers that are allowed for REST API CORS requests.
The allowed headers are passed to the browser to specify which headers can be passed to the REST API. By default, we allow the Content-* headers needed to upload files to the media endpoints. As well as the Authorization and Nonce headers for allowing authentication.
Usage
add_filter( 'rest_allowed_cors_headers', 'wp_kama_rest_allowed_cors_headers_filter', 10, 2 ); /** * Function for `rest_allowed_cors_headers` filter-hook. * * @param string[] $allow_headers The list of request headers to allow. * @param WP_REST_Request $request The request in context. * * @return string[] */ function wp_kama_rest_allowed_cors_headers_filter( $allow_headers, $request ){ // filter... return $allow_headers; }
- $allow_headers(string[])
- The list of request headers to allow.
- $request(WP_REST_Request)
- The request in context.
Changelog
Since 5.5.0 | Introduced. |
Since 6.3.0 | The $request parameter was added. |
Where the hook is called
rest_allowed_cors_headers
wp-includes/rest-api/class-wp-rest-server.php 432
$allow_headers = apply_filters( 'rest_allowed_cors_headers', $allow_headers, $request );