Browsers restrict cross-origin HTTP requests initiated from scripts.
API_SECURITY_CORS_ENABLE
CORS support can be enabled by setting this constant in your wp-config.php file to TRUE.
define( 'API_SECURITY_CORS_ENABLE', true );api_security_allow_origin – Filter allows you to change the allowed HTTP origin result.
add_filter( 'api_security_allow_origin', function() {
return 'https://myblog.com';
});api_security_allowed_http_origins – You can support many domains access using this filter.
Do not use api_security_allow_origin filter at the same time as it will break.
add_filter( 'api_security_allowed_http_origins', function( $allowed_origins ) {
$allowed_origins[] = 'https://myblog.com'; // Replace with your origin.
return $allowed_origins;
} );api_security_http_allowed_safe_ports – Controls the list of ports considered safe for accessing the API, enabling external requests for the HTTP request.
You can change the list of ports considered safe for accessing the REST API. The ports can also be restricted by the host and/or requested URL.
Parameters
$allowed_ports(array) – An array of integers representing valid ports.$host(string) – The host name of the requested URL.$url(string) – The requested URL.
add_filter( 'api_security_http_allowed_safe_ports', function( $ports ) {
$ports[] = 3000;
// Remove port 80 from the list of allowed ports.
$ports = array_diff($ports, array(80));
// Restrict allowed ports for example.com
if ($host === 'example.com') {
$ports = array(80, 443);
}
// Allow port 8080 for URLs that contain "custom".
if (strpos($url, 'custom') !== false) {
$ports[] = 8080;
}
return $ports;
});api_security_cors_allowed_methods – Filter the allowed methods for unauthorized requests. GET is set only by default.
add_filter( 'api_security_cors_allowed_methods', function( $methods ) {
$methods = array( 'GET', 'POST', 'PUT', 'PATCH', 'DELETE' );
return $methods;
}, 10, 1 );