Determines whether an HTTP API request to the given URL should be blocked.
Description
Sites behind a proxy can use this to prevent access to certain hosts. Blocking will also stop plugins and core functionality from working unless api.wordpress.org is included in the allowed hosts.
You block external URL requests by defining WP_HTTP_BLOCK_EXTERNAL as true in your wp-config.php file; only requests to localhost and your own site are then allowed. The constant WP_ACCESSIBLE_HOSTS allows requests to additional hosts. Its format is a comma-separated list of hostnames to allow. Wildcard domains are supported, e.g. *.wordpress.org allows all subdomains of wordpress.org to be contacted.
Parameters
$uri (string, required) - URI of url.
Source
public function block_request( $uri ) {
    // We don't need to block requests, because nothing is blocked.
    if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) {
        return false;
    }

    $check = parse_url( $uri );
    if ( ! $check ) {
        return true;
    }

    $home = parse_url( get_option( 'siteurl' ) );

    // Don't block requests back to ourselves by default.
    if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) {
        /**
         * Filters whether to block local HTTP API requests.
         *
         * A local request is one to `localhost` or to the same host as the site itself.
         *
         * @since 2.8.0
         *
         * @param bool $block Whether to block local requests. Default false.
         */
        return apply_filters( 'block_local_requests', false );
    }

    if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) {
        return true;
    }

    static $accessible_hosts = null;
    static $wildcard_regex   = array();
    if ( null === $accessible_hosts ) {
        $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS );

        if ( str_contains( WP_ACCESSIBLE_HOSTS, '*' ) ) {
            $wildcard_regex = array();
            foreach ( $accessible_hosts as $host ) {
                $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) );
            }
            $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i';
        }
    }

    if ( ! empty( $wildcard_regex ) ) {
        return ! preg_match( $wildcard_regex, $check['host'] );
    } else {
        return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it.
    }
}
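The wildcard handling in the source above turns each * into the regex .+, so the exact spelling of an allowlist entry decides how wide it is. The following is an added example, not WordPress core code: it replays that matching outside WordPress so a WP_ACCESSIBLE_HOSTS value can be checked before deployment. The function names host_is_allowed() and risky_entries(), the allowlists and the hosts are all constructed for illustration.

```php
<?php
// Added example, not WordPress core code: replays the host matching that
// block_request() applies to WP_ACCESSIBLE_HOSTS, so an allowlist value can be
// checked outside WordPress. Function names and sample hosts are constructed.

/** Returns true when $host would be allowed by the allowlist string $list. */
function host_is_allowed( string $list, string $host ): bool {
    $hosts = preg_split( '|,\s*|', $list );
    if ( false !== strpos( $list, '*' ) ) {
        // Any wildcard switches every entry to a case-insensitive regex match.
        $parts = array();
        foreach ( $hosts as $entry ) {
            $parts[] = str_replace( '\*', '.+', preg_quote( $entry, '/' ) );
        }
        return 1 === preg_match( '/^(' . implode( '|', $parts ) . ')$/i', $host );
    }
    // No wildcard: exact, case-sensitive comparison.
    return in_array( $host, $hosts, true );
}

/** Flags wildcard entries that are not of the form "*.domain". */
function risky_entries( string $list ): array {
    $risky = array();
    foreach ( preg_split( '|,\s*|', $list ) as $entry ) {
        if ( false !== strpos( $entry, '*' ) && ! preg_match( '/^\*\.[^*]+$/', $entry ) ) {
            $risky[] = $entry;
        }
    }
    return $risky;
}

// Constructed allowlists and hosts.
$strict = 'api.wordpress.org, *.example.com';
$loose  = 'api.wordpress.org, *example.com';

foreach ( array( 'api.wordpress.org', 'cdn.example.com', 'a.b.example.com', 'example.com', 'notexample.com' ) as $host ) {
    printf( "%-20s strict=%s loose=%s\n", $host,
        host_is_allowed( $strict, $host ) ? 'allow' : 'block',
        host_is_allowed( $loose, $host ) ? 'allow' : 'block' );
}
print_r( risky_entries( $loose ) );
```

With these constructed values, notexample.com is allowed by the *example.com entry but blocked by *.example.com, and neither form allows the bare example.com, which has to be listed separately if it is needed.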
Hooks
- apply_filters( 'block_local_requests', bool $block ): Filters whether to block local HTTP API requests.
Changelog
Version | Description |
---|---|
2.8.0 | Introduced. |