Title: WP_Customize_Manager::get_allowed_urls Published: December 7, 2016 Last modified: May 20, 2026 --- # WP_Customize_Manager::get_allowed_urls(): array ## In this article * [Description](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#description) * [Return](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#return) * [Source](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#source) * [Hooks](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#hooks) * [Related](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#related) * [Changelog](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#changelog) [ Back to top](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#wp--skip-link--target) Gets URLs allowed to be previewed. ## 󠀁[Description](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#description)󠁿 If the front end and the admin are served from the same domain, load the preview over ssl if the Customizer is being loaded over ssl. This avoids insecure content warnings. This is not attempted if the admin and front end are on different domains to avoid the case where the front end doesn’t have ssl certs. Domain mapping plugins can allow other urls in these conditions using the customize_allowed_urls filter. ## 󠀁[Return](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#return)󠁿 array Allowed URLs. ## 󠀁[Source](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#source)󠁿 ```php public function get_allowed_urls() { $allowed_urls = array( home_url( '/' ) ); if ( is_ssl() && ! $this->is_cross_domain() ) { $allowed_urls[] = home_url( '/', 'https' ); } /** * Filters the list of URLs allowed to be clicked and followed in the Customizer preview. * * @since 3.4.0 * * @param string[] $allowed_urls An array of allowed URLs. */ $allowed_urls = array_unique( apply_filters( 'customize_allowed_urls', $allowed_urls ) ); return $allowed_urls; } ``` [View all references](https://developer.wordpress.org/reference/files/wp-includes/class-wp-customize-manager.php/) [View on Trac](https://core.trac.wordpress.org/browser/tags/7.0/src/wp-includes/class-wp-customize-manager.php#L4657) [View on GitHub](https://github.com/WordPress/wordpress-develop/blob/7.0/src/wp-includes/class-wp-customize-manager.php#L4657-L4674) ## 󠀁[Hooks](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#hooks)󠁿 [apply_filters( ‘customize_allowed_urls’, string[] $allowed_urls )](https://developer.wordpress.org/reference/hooks/customize_allowed_urls/) Filters the list of URLs allowed to be clicked and followed in the Customizer preview. ## 󠀁[Related](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#related)󠁿 | Uses | Description | | [WP_Customize_Manager::is_cross_domain()](https://developer.wordpress.org/reference/classes/wp_customize_manager/is_cross_domain/)`wp-includes/class-wp-customize-manager.php` | Determines whether the admin and the frontend are on different domains. | | [is_ssl()](https://developer.wordpress.org/reference/functions/is_ssl/)`wp-includes/load.php` | Determines if SSL is used. | | [home_url()](https://developer.wordpress.org/reference/functions/home_url/)`wp-includes/link-template.php` | Retrieves the URL for the current site where the front end is accessible. | | [apply_filters()](https://developer.wordpress.org/reference/functions/apply_filters/)`wp-includes/plugin.php` | Calls the callback functions that have been added to a filter hook. | [Show 2 more](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#) [Show less](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#) | Used by | Description | | [WP_Customize_Manager::add_state_query_params()](https://developer.wordpress.org/reference/classes/wp_customize_manager/add_state_query_params/)`wp-includes/class-wp-customize-manager.php` | Adds customize state query params to a given URL if preview is allowed. | | [WP_Customize_Manager::customize_pane_settings()](https://developer.wordpress.org/reference/classes/wp_customize_manager/customize_pane_settings/)`wp-includes/class-wp-customize-manager.php` | Prints JavaScript settings for parent window. | | [WP_Customize_Manager::customize_preview_settings()](https://developer.wordpress.org/reference/classes/wp_customize_manager/customize_preview_settings/)`wp-includes/class-wp-customize-manager.php` | Prints JavaScript settings for preview frame. | ## 󠀁[Changelog](https://developer.wordpress.org/reference/classes/wp_customize_manager/get_allowed_urls/?output_format=md#changelog)󠁿 | Version | Description | | [4.7.0](https://developer.wordpress.org/reference/since/4.7.0/) | Introduced. | ## User Contributed Notes You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Fclasses%2Fwp_customize_manager%2Fget_allowed_urls%2F) before being able to contribute a note or feedback.