Customising cache Response Headers

  • Resolved jussipv

    (@jussipv)


    1 year, 11 months ago

    Hi,

    I’m trying to set a Access-Control-Allow-Origin header to limit requests from our endpoints to our own domains. We have multiple domains so we need to dynamically check if HTTP_ORIGIN is within our allowed domains.

    I have a code which works perfectly for the endpoints and checks the Origin but it only works for the initial request after cache is cleared and on the cached requests I guess the header allows all Origins.

    Here is my code for changing the header for our custom endpoint:

    add_action('rest_api_init', function() {

  remove_filter('rest_pre_serve_request', 'rest_send_cors_headers');
  add_filter('rest_pre_serve_request', function($value) {
    $origin = get_http_origin();

    $allowed_origins = [
      'https://our.domain.com',
      'https://ourdomain.com',
      'https://app.ourdomain.com'
    ];

    // Fallback
    $allowed_origin = 'https://ourdomain.com';

    if(in_array($origin, $allowed_origins)) {
      $allowed_origin = $origin;
    }

    header( 'Access-Control-Allow-Origin: ' . esc_url_raw($allowed_origin));
    header( 'Access-Control-Allow-Methods: GET, OPTIONS');

    if(isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
      header( 'Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');

      header( 'Access-Control-Max-Age: 86400');
      header( 'Cache-Control: public, max-age=86400');
      header( 'Vary: origin');

      exit(0);
    }

    return $value;
  });
});
Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author Richard Korthuis

    (@rockfire)

    1 year, 9 months ago

    Hi @jussipv

    Thank you for using our plugin and sorry for the late reply.

    The reason your code for changing the header doesn’t work is because of the way our plugin works. It hooks into WordPress as soon as possible and prevents any other code to be executed (including your code).
    We do have filters to alter the headers of the cached request, but this is prior to caching, so it would not work for you. We could consider adding a filter/hook so you could alter the headers of a cached request prior to outputting it, but you would have to use the filter from a must use plugin. Would that work for you?

    adinehnsio

    (@adinehnsio)

    1 year, 9 months ago

    Hi @rockfire, first thanks for an awesome plugin.

    I have the same need as Jussipv and a hook to alter the headers would be greatly appreciated!

    Best regards
    Adin

    jilfransoi

    (@jilfransoi)

    1 year, 8 months ago

    Hello, I have the same need, I want to modify the headers of all cached requests and could use a hook via a must use plugin. is it added to the roadmap yet ?

    Thanks !

    Plugin Author Richard Korthuis

    (@rockfire)

    1 year, 3 months ago

    Hi @jussipv , @jilfransoi and @adinehnsio

    Sorry it took me so long, I have been extremely busy, but we just released a new version of our plugin which includes a filter wp_rest_cache/pre_output_headers which can be used (from a mu-plugin with a name which is alfabetically before wp-rest-cache.php) to alter the headers. For example like this:

    /**
 * Add Access-Control-Allow-Headers headers to the response.
 *
 * @param array $headers The headers that will be sent to the client.
 * @param string $request_uri The REST URI that is being requested.
 *
 * @return array
 */
function wprc_pre_output_headers( $headers, $request_uri ) {
	$headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept';
	return $headers;
}
    fatjester

    (@fatjester)

    10 months ago

    Hello, I am trying to utilize this hook from a plugin, but it never seems to fire. Does it have to be done as a mu-plugin with specific alphabetical name, or is there a more supported method to utilize this?
    Thanks!

    jilfransoi

    (@jilfransoi)

    10 months ago

    Hello @rockfire just seeing your reply now.

    Thank you for your kind work, will try this asap.

    Cheers

    Plugin Author Richard Korthuis

    (@rockfire)

    10 months ago

    Hi @fatjester

    Yes it has to be a mu-plugin. This is because of the way our plugin works: if a cache record is available it is returned by our mu-plugin and no normal plugins are loaded. So it is not possible to use this filter from a normal plugin.

    fatjester

    (@fatjester)

    10 months ago

    Ok, thanks!

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Customising cache Response Headers’ is closed to new replies.

Tags