WP_Http::block_request( string $uri )
Determines whether an HTTP API request to the given URL should be blocked.
Description
Those who are behind a proxy and want to prevent access to certain hosts may do so. This will prevent plugins from working and core functionality, if you don’t include api.wordpress.org
.
You block external URL requests by defining WP_HTTP_BLOCK_EXTERNAL
as true in your wp-config.php
file and this will only allow localhost and your site to make requests. The constant WP_ACCESSIBLE_HOSTS
will allow additional hosts to go through for requests. The format of the WP_ACCESSIBLE_HOSTS
constant is a comma separated list of hostnames to allow, wildcard domains are supported, eg *.wordpress.org
will allow for all subdomains of wordpress.org
to be contacted.
Parameters
- $uri
-
(string) (Required) URI of url.
Return
(bool) True to block, false to allow.
Source
File: wp-includes/class-http.php
public function block_request( $uri ) { // We don't need to block requests, because nothing is blocked. if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) { return false; } $check = parse_url( $uri ); if ( ! $check ) { return true; } $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] == $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * * A local request is one to `localhost` or to the same host as the site itself. * * @since 2.8.0 * * @param bool $block Whether to block local requests. Default false. */ return apply_filters( 'block_local_requests', false ); } if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) { return true; } static $accessible_hosts = null; static $wildcard_regex = array(); if ( null === $accessible_hosts ) { $accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS ); if ( false !== strpos( WP_ACCESSIBLE_HOSTS, '*' ) ) { $wildcard_regex = array(); foreach ( $accessible_hosts as $host ) { $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) ); } $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i'; } } if ( ! empty( $wildcard_regex ) ) { return ! preg_match( $wildcard_regex, $check['host'] ); } else { return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it. } }
Changelog
Version | Description |
---|---|
2.8.0 | Introduced. |
© 2003–2021 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_http/block_request