W3cubDocs

/WordPress

rest_send_cors_headers( mixed $value )

Sends Cross-Origin Resource Sharing headers with API requests.

Parameters

$value: (mixed) (Required) Response data.

Return

(mixed) Response data.

Source

File: wp-includes/rest-api.php

function rest_send_cors_headers( $value ) {
	$origin = get_http_origin();

	if ( $origin ) {
		// Requests from file:// and data: URLs send "Origin: null".
		if ( 'null' !== $origin ) {
			$origin = esc_url_raw( $origin );
		}
		header( 'Access-Control-Allow-Origin: ' . $origin );
		header( 'Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE' );
		header( 'Access-Control-Allow-Credentials: true' );
		header( 'Vary: Origin', false );
	} elseif ( ! headers_sent() && 'GET' === $_SERVER['REQUEST_METHOD'] && ! is_user_logged_in() ) {
		header( 'Vary: Origin', false );
	}

	return $value;
}

Uses

Uses	Description
wp-includes/formatting.php: esc_url_raw()	Performs esc_url() for database usage.
wp-includes/pluggable.php: is_user_logged_in()	Determines whether the current visitor is a logged in user.
wp-includes/http.php: get_http_origin()	Get the HTTP Origin of the current request.

Changelog

Version	Description
4.4.0	Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/rest_send_cors_headers