shelob9/jp-rest-access

Sets CORS headers, and allows offest in posts route, with max post per page for WordPress REST API (WP-API).

dev-master 2014-11-07 22:29 UTC

This package is auto-updated.

Last update: 2024-12-08 08:31:55 UTC


README

Adds common access and security filters for the WordPress REST API (WP REST).

It does the following:

  1. Sets a cross-domain CORS header for the API to prevent cross-domain errors when accessing from a diffrent domain. By default it allows all domains ("*"). You can set another domain or any array of domains with the "jp_rest_access_cors" filter.
  2. Allows for requests to the posts route to use the offset filter, without pagination.
  3. Sets a maximum amount of posts that can be requested at once from the posts endpoint. By default the max is 20, that value can be changed with the "jp_rest_access_max_posts_per_page" filter. Prevents someone from trying to DDOS a site with a lot of posts by requesting a ton of posts_per_page.

Installation

This is not a plugin. It's a composer library. Add "shelob9/jp-rest-access": "dev-master" to your site/plugin/theme's composer.json.

Controlling Cross-Orgin Domain (CORS) Headers

  • Allow from any domain This it the dfault behaviour

  • Allow from one domain

add_filter( 'jp_rest_access_cors', function( $domains ) {
	return 'http://somedomain.com';
});
  • Allow from two domains
add_filter( 'jp_rest_access_cors', function( $domains ) {
	return array( 'http://somedomain.com', 'http://another_url.com' );
});

Limiting the Max Number of Posts Per Request

add_filter( 'jp_rest_access_max_posts_per_page', function( $max_posts ) {
  return 5;
}```

### License
Copyright 2014 Josh Pollock. Licensed under the terms of the GNU General public license version 2. Please share with your neighbor.