W3cubDocs

/WordPress

apply_filters( ‘rest_allowed_cors_headers’, string[] $allow_headers, WP_REST_Request $request )

Filters the list of request headers that are allowed for REST API CORS requests.

Description

The allowed headers are passed to the browser to specify which headers can be passed to the REST API. By default, we allow the Content-* headers needed to upload files to the media endpoints.
As well as the Authorization and Nonce headers for allowing authentication.

Parameters

$allow_headersstring[]: The list of request headers to allow.
$requestWP_REST_Request: The request in context.

Source

$allow_headers = apply_filters( 'rest_allowed_cors_headers', $allow_headers, $request );

View all references View on Trac View on GitHub

Changelog

Version	Description
6.3.0	The `$request` parameter was added.
5.5.0	Introduced.

© 2003–2024 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/hooks/rest_allowed_cors_headers