WordPress WP REST API limiting requests by domain
Question
This seems like it would be more obvious. I use WordPress to manage content for an external site. The WordPress content is displayed via the WP REST API and I display content with ajax and JS to this remote site. (eg https://example.com//wp-json/wp/v2/pages/23 ). Everything is on SSL and it all works great. How can I simply make it so this ajax GET request is only allowed from a certain domain - the remote site? The WP API is only used to display data.
1 answers
solution1
5 2017-05-11 21:54:04
I just had look at the php server variables and figure this out. $_SERVER['HTTP_ORIGIN']; was the one that I grab. Works like a charm!
add_filter( 'rest_authentication_errors', 'gc_filter_incoming_connections' );
function gc_filter_incoming_connections( $errors ){
$allowed_origins = array('https://www.example.com'); // url that you want to access your WP REST API
$request_origin = $_SERVER['HTTP_ORIGIN'];
if( ! in_array( $request_origin, $allowed_origins ) )
return new WP_Error( 'forbidden_access', 'Access denied', array( 'status' => 403 ) );
return $errors;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.