WordPress

How to enable CORS in WordPress?

BIG linden / Support Docs / How to enable CORS in WordPress?
Posted: December 17, 2022 /
Last edit: March 17, 2023
(9 months ago)

WordPress

How to enable CORS in WordPress?

Q:

We are trying to enable Cross-Origin Resource Sharing (CORS) on our WordPress site so we can make use of the third-party content. How do you set up CORS in WordPress? How can I customize the Access-Control-Allow-Headers property for my WordPress API?

Issue

The client is looking for information about customizing the Access-Control-Allow-Headers (CORS) property for their WordPress API and needs help setting up cross origin resource sharing, or CORS, on their WordPress website.

Possible solution

Setting up CORS in WordPress is not difficult, and can be done in a few simple steps.

You can achieve this by setting up a header CORS function, enabling it using the rest_pre_serve_request filter, and allowing multiple origins if necessary. However, they should thoroughly test whatever policy they use before deploying it on their website in order to avoid any potential issues with functionality or security.

You can easily set whatever CORS policy you want either directly on your server, or via WordPress functions.

Below is a tutorial on how to customize the Access-Control-Allow-Headers property for your WordPress REST API via your theme’s functions.php file:

Be sure to thoroughly test whatever policy you end up using though, so you don’t inadvertently deliver a broken website to the client.

How to enable CORS in WordPress

To set up Cross-Origin Resource Sharing (CORS) on your WordPress website, see below.

Time needed: 3 minutes

There are numerous options to enable CORS, but the easiest approach is to use a basic custom function. Instructions for how to enable CORS in WordPress.

  1. Use a custom function, fastest way to enable CORS in WordPress:


    function add_cors_http_header(){
    header(“Access-Control-Allow-Origin: *”);
    }
    add_action(‘init’,’add_cors_http_header’);

    Be sure not to use any combinations of these ( .htaccess, header.php, api.php, functions.php ) as it will cause redirect and/or critical errors.

  2. QA the site

    Be sure to QA client sites on 2 devices, at minimum (multiple networks are preferred).

Developer preferred method for allowing multiple origins

It sounds like your use case is that you want to be able to connect a couple different data sources and enable them to talk to one another, without opening the door to the entire world.

If that’s the case, and you want to Allow Multiple Origins on your CORS policy for the WordPress API, this custom function should do the trick, with no plugins or other tools necessary.

function initCors( $value ) {
  $origin = get_http_origin();
  $allowed_origins = [ 'site1.example.com', 'site2.example.com', 'localhost:3000' ];

  if ( $origin && in_array( $origin, $allowed_origins ) ) {
    header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) );
    header( 'Access-Control-Allow-Methods: GET' );
    header( 'Access-Control-Allow-Credentials: true' );
  }

  return $value;
}

This code is a variation of the custom functions offered by Ruben Leija on his blog post ‘How to enable CORS on your WordPress REST API’.

Additional reading

  • This recent support thread about the necessity of CORS policies in the API and potential vulnerabilities
  • Very recent vulnerability submission using JSON and the API; typical cross-origin
  • Read about enabling CORS for Bitnami – probably not a package you’re working with on our network, but still very relevant information on the general topic of enabling CORS for WordPress
  • “CORs in Action” by Monsur Hossain – available from Simon & Schuster. “CORS in Action introduces Cross-Origin Resource Sharing (CORS) from both the server and the client perspective. It starts with the basics: how to make CORS requests and how to implement CORS on the server. It then explores key details such as performance, debugging, and security.”

More articles about WordPress

More articles related to .

All Insight & Articles related to WordPress.

All Support Docs related to WordPress.

WordPress Logo in white letters on black background - used here to symbolize the topic (WordPress) and graphically represent the WordPress topic

Table of Contents

Explore other support docs related to WordPress

WordPress Logo in white letters on black background - used here to symbolize the topic (WordPress) and graphically represent the WordPress topic

On Dreamhost, our WordPress site is very slow

5 days ago

WordPress Logo in white letters on black background - used here to symbolize the topic (WordPress) and graphically represent the WordPress topic

How to use Redis to speed up your slow WordPress website

7 months ago

WordPress Logo in white letters on black background - used here to symbolize the topic (WordPress) and graphically represent the WordPress topic

How to connect GoDaddy to our WordPress website?

7 months ago

WordPress Logo in white letters on black background - used here to symbolize the topic (WordPress) and graphically represent the WordPress topic

What can we do to address hosting issues with our website?

8 months ago

Should we migrate from WordPress to Webflow?

7 months ago

Continue Reading How to enable CORS in WordPress?

Capabilities related to WordPress:

WordPress Solutions

WordPress Security

Prevent attacks, regain control of your WordPress website with Enterprise security solutions.
WordPress Security
WordPress Migration Services

Wix to WordPress Migration

Move your website from Wix to WordPress and get the website you need.
Wix to WordPress Migration
WordPress Migration Services

Drupal to WordPress Migration

Switch from Drupal to WordPress for your website.
Drupal to WordPress Migration

Digital Marketing

WordPress Solutions

Capabilities

Recent Insight

Recent Support Docs

BIG linden

contact us

washington dc

3033 Wilson Blvd
Arlington VA 22201

los angeles

111 West Ocean Boulevard
Long beach, CA 90802, USA

Chicago

332 S Michigan Ave
Chicago, IL 60604

london

1 Ropemaker Street
London, EC2Y 9HT

RFP Submissions

[email protected]

WordPress Solutions

Digital Marketing

Our Capabilities

Recent Insight

Recent Support Docs

BIG linden

contact us

washington dc

3033 Wilson Blvd
Arlington VA 22201

los angeles

111 West Ocean Boulevard
Long beach, CA 90802, USA

Chicago

332 S Michigan Ave
Chicago, IL 60604

london

1 Ropemaker Street
London, EC2Y 9HT

built with <3
© 2023 biglinden - All Rights Reserved

Capabilities

Digital Marketing

Strategy

Campaign Planning

Multi-Channel Campaigns

Content Marketing

Paid Media

PPC

Social Media

Social Strategy

Search Marketing

Digital Media

PR & Outreach

Influencer Marketing

Digital Media Buying

Retargeting / Remarketing

Video Production

WordPress Solutions

WordPress Development

Social Media

Social Strategy

Social Content

Social Management

Paid Social

Data & AI

AI & Machine Learning

AI for Business

Intent & Prediction

Competitor Insight

REQUEST A 1:1 CONSULTATION

Get a FREE 30 minute 1:1 consult with a BIG consultant and get a FREE 7 page report on making digital work in your organization with key insight into paths for success and playbooks just for your unique needs.

Please understand not all requests can be met. Please contact us with any questions.