Set CORS Headers

  • Resolved workforpizza

    (@workforpizza)


    5 years, 6 months ago

    Hey there,

    I added my own CORS Allow-Origin: “*” Headers to the WP-API to enable it for hybrid app usage. I did this with the following code:

    
function wfp_rest_cors() {
	remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
	add_filter( 'rest_pre_serve_request', function( $value ) {
		header( 'Access-Control-Allow-Origin: *' );
		header( 'Access-Control-Allow-Methods: GET' );
		header( 'Access-Control-Allow-Credentials: true' );
        header( 'Access-Control-Expose-Headers: Link', false );
        header( 'Access-Control-Allow-Headers: X-Requested-With' );
		return $value;
	} );
}
add_action( 'rest_api_init', 'wfp_rest_cors', 15 );

    After enabling the plugin these headers were only sent on the first (non cached) response, but never with the cached response. Since probably the ‘rest_api_ini’ hook isn’t used there.

    I saw in Update 2019.1.6, that filters were added to manipulate these headers. But I somehow couldn’t figure out how to set the headers like above. Is there a code-example of how to add/overwrite headers using this filter?

    Currently the only way I got it to work is by hard coding these headers into the plugin – which is obviously bad practice and should be avoided, so I would appreciate any help into the right direction.

    Thanks a lot – Great Plugin! – And have a nice day.

    Florian,

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Acato

    (@acato)

    Hi @workforpizza

    Thank you for using our plugin!

    You can indeed manipulate these headers using filters. There are two filters you can use: wp_rest_cache/cache_headers and/or wp_rest_cache/cache_header. Examples of how to use them:

    Adding new headers:

    function wprc_manipulate_cache_headers( $headers, $request_uri ) {
    // manipulate the headers here, for example add a Access-Control-Allow-Headers header:
    $headers['Access-Control-Allow-Headers'] = 'X-Requested-With';

    return $headers;
}
add_filter( 'wp_rest_cache/cache_headers', 'wprc_manipulate_cache_headers', 10, 2 );

    Manipulate an existing header (can in fact also be done with the wp_rest_cache/cache_headers, but just as a different example):

    function wprc_manipulate_existing_cache_header( $header_value, $header_key, $request_uri ) {
    if( 'Access-Control-Expose-Headers' === $header_key ) {
        $header_value = 'X-WP-Total';
    }
    return $header_value;
}
add_filter( 'wp_rest_cache/cache_header', 'wprc_manipulate_existing_cache_header', 10, 3 );

    Please keep in mind that you should flush the cache in order for these filters to have any effect.

    Let us know if this solved your issue or if you need any extra help!

    Plugin Author Acato

    (@acato)

    This thread has been marked as resolved due to lack of activity.

    You’re always welcome to open a new topic.

    Thanks for understanding!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Set CORS Headers’ is closed to new replies.