rest_allowed_cors_headers filter-hook . WP 5.5.0

Filters the list of request headers that are allowed for REST API CORS requests.

The allowed headers are passed to the browser to specify which headers can be passed to the REST API. By default, we allow the Content-* headers needed to upload files to the media endpoints. As well as the Authorization and Nonce headers for allowing authentication.

Usage

add_filter( 'rest_allowed_cors_headers', 'filter_function_name_3055' );
function filter_function_name_3055( $allow_headers ){
	// filter...

	return $allow_headers;
}

$allow_headers(string[]): The list of request headers to allow.

Changelog

Since 5.5.0

Introduced.

Where the hook is called

WP_REST_Server::serve_request()

rest_exposed_cors_headers

rest_allowed_cors_headers

rest_send_nocache_headers

rest_enabled

rest_jsonp_enabled

rest_post_dispatch

rest_pre_serve_request

rest_pre_echo_response

wp-includes/rest-api/class-wp-rest-server.php 315

$allow_headers = apply_filters( 'rest_allowed_cors_headers', $allow_headers );

Where in WP core the hook is used WordPress

Usage not found.