Filters the list of request headers that are allowed for REST API CORS requests.
Description
The allowed headers are passed to the browser to specify which headers can be passed to the REST API. By default, we allow the Content-* headers needed to upload files to the media endpoints.
As well as the Authorization and Nonce headers for allowing authentication.
Parameters
$allow_headers
string[]- The list of request headers to allow.
$request
WP_REST_Request- The request in context.
Source
$allow_headers = apply_filters( 'rest_allowed_cors_headers', $allow_headers, $request );
You can remove specific headers using a snippet like the one below