shelob9 / jp-rest-access
Sets CORS headers, and allows offest in posts route, with max post per page for WordPress REST API (WP-API).
dev-master
2014-11-07 22:29 UTC
Requires
- php: >=5.3.0
- composer/installers: ~1.0.0
This package is auto-updated.
Last update: 2024-11-08 08:18:51 UTC
README
Adds common access and security filters for the WordPress REST API (WP REST).
It does the following:
- Sets a cross-domain CORS header for the API to prevent cross-domain errors when accessing from a diffrent domain. By default it allows all domains ("*"). You can set another domain or any array of domains with the "jp_rest_access_cors" filter.
- Allows for requests to the posts route to use the offset filter, without pagination.
- Sets a maximum amount of posts that can be requested at once from the posts endpoint. By default the max is 20, that value can be changed with the "jp_rest_access_max_posts_per_page" filter. Prevents someone from trying to DDOS a site with a lot of posts by requesting a ton of posts_per_page.
Installation
This is not a plugin. It's a composer library. Add "shelob9/jp-rest-access": "dev-master"
to your site/plugin/theme's composer.json.
Controlling Cross-Orgin Domain (CORS) Headers
-
Allow from any domain This it the dfault behaviour
-
Allow from one domain
add_filter( 'jp_rest_access_cors', function( $domains ) { return 'http://somedomain.com'; });
- Allow from two domains
add_filter( 'jp_rest_access_cors', function( $domains ) { return array( 'http://somedomain.com', 'http://another_url.com' ); });
Limiting the Max Number of Posts Per Request
add_filter( 'jp_rest_access_max_posts_per_page', function( $max_posts ) { return 5; }``` ### License Copyright 2014 Josh Pollock. Licensed under the terms of the GNU General public license version 2. Please share with your neighbor.