Title: Cookie::parse_from_headers Published: March 29, 2023 Last modified: November 8, 2023 --- # Cookie::parse_from_headers( WpOrgRequestsResponseHeaders $headers, WpOrgRequestsIri|null $origin = null, int|null $time = null ): array ## In this article * [Parameters](https://developer.wordpress.org/reference/classes/wporg-requests-cookie/parse_from_headers/?output_format=md#parameters) * [Return](https://developer.wordpress.org/reference/classes/wporg-requests-cookie/parse_from_headers/?output_format=md#return) * [Source](https://developer.wordpress.org/reference/classes/wporg-requests-cookie/parse_from_headers/?output_format=md#source) [ Back to top](https://developer.wordpress.org/reference/classes/wporg-requests-cookie/parse_from_headers/?output_format=md#wp--skip-link--target) Parse all Set-Cookie headers from request headers ## 󠀁[Parameters](https://developer.wordpress.org/reference/classes/wporg-requests-cookie/parse_from_headers/?output_format=md#parameters)󠁿 `$headers`WpOrgRequestsResponseHeadersrequired Headers to parse from `$origin`WpOrgRequestsIri|nulloptional URI for comparing cookie origins Default:`null` `$time`int|nulloptional Reference time for expiration calculation Default:`null` ## 󠀁[Return](https://developer.wordpress.org/reference/classes/wporg-requests-cookie/parse_from_headers/?output_format=md#return)󠁿 array ## 󠀁[Source](https://developer.wordpress.org/reference/classes/wporg-requests-cookie/parse_from_headers/?output_format=md#source)󠁿 ```php * @throws \WpOrg\Requests\Exception\InvalidArgument When the passed $origin argument is not null or an instance of the Iri class. */ public static function parse_from_headers(Headers $headers, $origin = null, $time = null) { $cookie_headers = $headers->getValues('Set-Cookie'); if (empty($cookie_headers)) { return []; } if ($origin !== null && !($origin instanceof Iri)) { throw InvalidArgument::create(2, '$origin', Iri::class . ' or null', gettype($origin)); } $cookies = []; foreach ($cookie_headers as $header) { $parsed = self::parse($header, '', $time); // Default domain/path attributes if (empty($parsed->attributes['domain']) && !empty($origin)) { $parsed->attributes['domain'] = $origin->host; $parsed->flags['host-only'] = true; } else { $parsed->flags['host-only'] = false; } $path_is_valid = (!empty($parsed->attributes['path']) && $parsed->attributes['path'][0] === '/'); if (!$path_is_valid && !empty($origin)) { $path = $origin->path; // Default path normalization as per RFC 6265 section 5.1.4 if (substr($path, 0, 1) !== '/') { // If the uri-path is empty or if the first character of // the uri-path is not a %x2F ("/") character, output // %x2F ("/") and skip the remaining steps. $path = '/'; } elseif (substr_count($path, '/') === 1) { // If the uri-path contains no more than one %x2F ("/") // character, output %x2F ("/") and skip the remaining // step. $path = '/'; } else { // Output the characters of the uri-path from the first // character up to, but not including, the right-most // %x2F ("/"). $path = substr($path, 0, strrpos($path, '/')); } $parsed->attributes['path'] = $path; } // Reject invalid cookie domains if (!empty($origin) && !$parsed->domain_matches($origin->host)) { continue; } ``` [View all references](https://developer.wordpress.org/reference/files/wp-includes/requests/src/cookie.php/) [View on Trac](https://core.trac.wordpress.org/browser/tags/7.0/src/wp-includes/Requests/src/Cookie.php#L474) [View on GitHub](https://github.com/WordPress/wordpress-develop/blob/7.0/src/wp-includes/Requests/src/Cookie.php#L474-L526) ## User Contributed Notes You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Fclasses%2Fwporg-requests-cookie%2Fparse_from_headers%2F) before being able to contribute a note or feedback.