The simplest is just to hook to 'allowed_http_origin' and call __return_true(), e.g.:
<?php add_filter( 'allowed_http_origin', '__return_true' ); ?>
Or if you want to limit your application to requests from specific domains (a very good idea), hook to 'allowed_http_origins' (note the plural).
The most flexible way is to hook to wp_headers and add all the CORs headers your application requires, e.g.
<?php add_filter( 'wp_headers', array( 'eg_send_cors_headers' ), 11, 1 );
function eg_send_cors_headers( $headers )
{ $headers['Access-Control-Allow-Origin'] = get_http_origin(); // Can't use wildcard origin for credentials requests, instead set it to the requesting origin
$headers['Access-Control-Allow-Credentials'] = 'true'; // Access-Control headers are received during OPTIONS requests
if ( 'OPTIONS' == $_SERVER['REQUEST_METHOD'] )
{ if ( isset( $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] ) )
{ $headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'; }
if ( isset( $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] ) )
{ $headers['Access-Control-Allow-Headers'] = $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']; }
}
return $headers; }
If you are using json-api wordpress plugin to expose api, then follow these steps:
1: Go to your plugin location (ex: /wp-content/plugins/json-api)
2: Go to /wp-content/plugins/json-api/singletons
3: Find api.php
4: Add header("Access-Control-Allow-Origin: *"); after <?php tag
ex:
<?php
header("Access-Control-Allow-Origin: *");
class JSON_API {
function __construct() {
$this->query = new JSON_API_Query();
$this->introspector = new JSON_API_Introspector();
$this->response = new JSON_API_Response();
add_action('template_redirect', array(&$this, 'template_redirect'));
add_action('admin_menu', array(&$this, 'admin_menu'));
add_action('update_option_json_api_base', array(&$this, 'flush_rewrite_rules'));
add_action('pre_update_option_json_api_controllers', array(&$this, 'update_controllers'));
}
Leave a Reply