WordPress Hooks Explorer

Filter hook 'rest_allowed_cors_headers'

in WP Core File wp-includes/rest-api/class-wp-rest-server.php at line 432

View Source

rest_allowed_cors_headers

Filter Hook
Description
Filters the list of request headers that are allowed for REST API CORS requests. The allowed headers are passed to the browser to specify which headers can be passed to the REST API. By default, we allow the Content-* headers needed to upload files to the media endpoints. As well as the Authorization and Nonce headers for allowing authentication.

Hook Information

File Location wp-includes/rest-api/class-wp-rest-server.php View on GitHub
Hook Type Filter
Line Number 432

Hook Parameters

Type Name Description
string[] $allow_headers The list of request headers to allow.
WP_REST_Request $request The request in context.

Usage Examples

Basic Usage 
<?php
// Hook into rest_allowed_cors_headers
add_filter('rest_allowed_cors_headers', 'my_custom_filter', 10, 2);

function my_custom_filter($allow_headers, $request) {
    // Your custom filtering logic here
    return $allow_headers;
}

Source Code Context

wp-includes/rest-api/class-wp-rest-server.php:432 - How this hook is used in WordPress core 
<?php
 427  		 * @since 6.3.0 The `$request` parameter was added.
 428  		 *
 429  		 * @param string[]        $allow_headers The list of request headers to allow.
 430  		 * @param WP_REST_Request $request       The request in context.
 431  		 */
 432  		$allow_headers = apply_filters( 'rest_allowed_cors_headers', $allow_headers, $request );
 433  
 434  		$this->send_header( 'Access-Control-Allow-Headers', implode( ', ', $allow_headers ) );
 435  
 436  		$result = $this->check_authentication();
 437

PHP Documentation

<?php
/**
		 * Filters the list of request headers that are allowed for REST API CORS requests.
		 *
		 * The allowed headers are passed to the browser to specify which
		 * headers can be passed to the REST API. By default, we allow the
		 * Content-* headers needed to upload files to the media endpoints.
		 * As well as the Authorization and Nonce headers for allowing authentication.
		 *
		 * @since 5.5.0
		 * @since 6.3.0 The `$request` parameter was added.
		 *
		 * @param string[]        $allow_headers The list of request headers to allow.
		 * @param WP_REST_Request $request       The request in context.
		 */
Quick Info
  • Hook Type: Filter
  • Parameters: 2
  • File: wp-includes/rest-api/class-wp-rest-server.php
Links
WordPress Docs View Source Code Search Examples
Related Hooks

Related hooks will be displayed here in future updates.