rest_send_allow_header( WP_REST_Response $response, WP_REST_Server $server, WP_REST_Request $request )

Sends the “Allow” header to state all methods that can be sent to the current route.

Parameters

$response

(WP_REST_Response) (Required) Current response being served.

$server

(WP_REST_Server) (Required) ResponseHandler instance (usually WP_REST_Server).

$request

(WP_REST_Request) (Required) The request that was used to make current response.

Return

(WP_REST_Response) Response to be served, with "Allow" header if route has allowed methods.

Source

File: wp-includes/rest-api.php

function rest_send_allow_header( $response, $server, $request ) {
	$matched_route = $response->get_matched_route();

	if ( ! $matched_route ) {
		return $response;
	}

	$routes = $server->get_routes();

	$allowed_methods = array();

	// Get the allowed methods across the routes.
	foreach ( $routes[ $matched_route ] as $_handler ) {
		foreach ( $_handler['methods'] as $handler_method => $value ) {

			if ( ! empty( $_handler['permission_callback'] ) ) {

				$permission = call_user_func( $_handler['permission_callback'], $request );

				$allowed_methods[ $handler_method ] = true === $permission;
			} else {
				$allowed_methods[ $handler_method ] = true;
			}
		}
	}

	// Strip out all the methods that are not allowed (false values).
	$allowed_methods = array_filter( $allowed_methods );

	if ( $allowed_methods ) {
		$response->header( 'Allow', implode( ', ', array_map( 'strtoupper', array_keys( $allowed_methods ) ) ) );
	}

	return $response;
}

Changelog

Version Description
4.4.0 Introduced.

© 2003–2021 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/rest_send_allow_header