Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
CORS for the WordPress REST API
<?php
function my_customize_rest_cors() {
remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
add_filter( 'rest_pre_serve_request', function( $value ) {
header( 'Access-Control-Allow-Origin: *' );
header( 'Access-Control-Allow-Methods: GET' );
header( 'Access-Control-Allow-Credentials: true' );
header( 'Access-Control-Expose-Headers: Link', false );
return $value;
} );
}
add_action( 'rest_api_init', 'my_customize_rest_cors', 15 );
@JurajVajda

This comment has been minimized.

Copy link

@JurajVajda JurajVajda commented Jun 12, 2018

how to use this file, where should i add it ?

@castilloedwin

This comment has been minimized.

Copy link

@castilloedwin castilloedwin commented Jun 13, 2018

This header is also necessary.

header( 'Access-Control-Allow-Headers: X-Requested-With' );

@manoharkumarsingh

This comment has been minimized.

Copy link

@manoharkumarsingh manoharkumarsingh commented Oct 5, 2018

function my_customize_rest_cors() {
remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
add_filter( 'rest_pre_serve_request', function( $value ) {
header( 'Access-Control-Allow-Origin: *' );
header( 'Access-Control-Allow-Methods: GET' );
header( 'Access-Control-Allow-Credentials: true' );
header( 'Access-Control-Expose-Headers: Link', false );
return $value;
} );
}
add_action( 'rest_api_init', 'my_customize_rest_cors', 15 );

Where i have to put this code

@saimunhossain

This comment has been minimized.

Copy link

@saimunhossain saimunhossain commented Oct 29, 2018

where should I put this code?

@yuriitaran

This comment has been minimized.

Copy link

@yuriitaran yuriitaran commented Nov 11, 2018

where should I put this code?

In functions.php

@JaakkoKarhu

This comment has been minimized.

Copy link

@JaakkoKarhu JaakkoKarhu commented Jan 11, 2019

For me this does not work, it just adds one more origin

I posted a question with more details to Stack Overflow

@ovidiojosearteaga

This comment has been minimized.

Copy link

@ovidiojosearteaga ovidiojosearteaga commented Jun 27, 2019

Hi, the code worked for me. I put the code in a custom plugin for a specific WordPress project. Thanks.

@Ghostfly

This comment has been minimized.

Copy link

@Ghostfly Ghostfly commented Jul 24, 2019

Thanks !! Works perfectly well with Wordpress latest !

@a-barbieri

This comment has been minimized.

@ntnbst

This comment has been minimized.

Copy link

@ntnbst ntnbst commented Mar 19, 2020

Thanks, It worked 👍

@federicolucca

This comment has been minimized.

Copy link

@federicolucca federicolucca commented Apr 18, 2020

Thanks, after 2 crazy day you save me

@mtrabelsi

This comment has been minimized.

Copy link

@mtrabelsi mtrabelsi commented May 24, 2020

does it has something to do with WooCommerce ? it seems not

@Ghostfly

This comment has been minimized.

Copy link

@Ghostfly Ghostfly commented May 24, 2020

@mtrabelsi What is your point there? This is to add the missing CORS headers to WP-json, in short, yes it can be linked to WooCommerce, depending on your use.

@jayllellis

This comment has been minimized.

Copy link

@jayllellis jayllellis commented Jul 23, 2020

You are a lifesaver! Thank you!

@eikito

This comment has been minimized.

Copy link

@eikito eikito commented Oct 9, 2020

Hi, I have a problem with several Access-Control-Allow headers additionally to already existing one (highlighted in orange in attached Screenshot). Could this my_customize_rest_cors function help to solve my problem?

Access-Control-Allow-headers-additionally-to-already-existing-ones

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment