By Abel Melquiades Callejo


2015-08-18 11:30:24 8 Comments

WordPress already has a default URL for jQuery-WordPress application calls and it's well known as the ajaxurl. However, there are cases wherein one would need to enable Cross-Origin Resource Sharing (CORS) on it such that any hostname will be able to access using it.

My current solutions is by adding a line in /wp-includes/http.php with:

@header( 'Access-Control-Allow-Origin: *' );

Such that it will be:

http.php

...
function send_origin_headers() {
    $origin = get_http_origin();

    @header( 'Access-Control-Allow-Origin: *' );
    if ( is_allowed_http_origin( $origin ) ) {
        @header( 'Access-Control-Allow-Origin: ' .  $origin );
        @header( 'Access-Control-Allow-Credentials: true' );
        if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] )
            exit;
        return $origin;
    }

    if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
        status_header( 403 );
        exit;
    }

    return false;
}
...

It works but editing the WordPress core is not a good solution.

Is there a better way to enable CORS for the ajaxurl?

2 comments

@Julian 2016-05-13 08:12:05

Milo is correct.

For instance, go to your theme's functions.php file, and add the following:

add_filter( 'allowed_http_origins', 'add_allowed_origins' );
function add_allowed_origins( $origins ) {
    $origins[] = 'https://site1.example.com';
    $origins[] = 'https://site2.example.com';
    return $origins;
}

Now an ajax call from https://site1.example.com to your site's ajax url will have the appropriate Access-Control-Allow-Origin header in the response. eg.

$.ajax({
    url: 'https://site1.example.com/wp-admin/admin-ajax.php',
    type: "POST",
    data: {
        ...
    },
    success: function(doc) {
        ...
    }
});

@Sundar 2015-08-18 13:39:59

You can achieve it by the following code.

Open you header.php

find the following text in that file

< !DOCTYPE html>

and replace it with the following.

<?php /** @package WordPress @subpackage Default_Theme  **/
header("Access-Control-Allow-Origin: *"); 
?>
<! DOCTYPE html>
...

Now u can find Access-Control-Allow-Origin: * in your header.

Hope this helps..!Cheers.

Related Questions

Sponsored Content

2 Answered Questions

2 Answered Questions

[SOLVED] Cannot load admin-ajax.php. No access-control allow origin*

  • 2016-01-19 23:27:30
  • bestprogrammerintheworld
  • 12779 View
  • 2 Score
  • 2 Answer
  • Tags:   ajax headers

0 Answered Questions

WordPress answering to one REST API request and not to another

2 Answered Questions

[SOLVED] Dangers to allowing Access-Control-Allow-Origin: * for Feeds only?

2 Answered Questions

In the Header.php file, is there a way to swap between one layout and another?

  • 2017-06-09 15:44:57
  • OscarGuy
  • 48 View
  • 0 Score
  • 2 Answer
  • Tags:   headers

0 Answered Questions

3 Answered Questions

[SOLVED] Need help with Access-Control-Allow-Origin

  • 2016-03-10 18:57:22
  • Nick
  • 904 View
  • 0 Score
  • 3 Answer
  • Tags:   ajax headers

2 Answered Questions

[SOLVED] Is there a way to get minimal Wordpress functions for iframed content?

  • 2015-08-31 18:24:13
  • Eric
  • 42 View
  • 0 Score
  • 2 Answer
  • Tags:   headers

1 Answered Questions

[SOLVED] Is there some way to refactor this jQuery wrapper?

  • 2013-11-15 02:58:20
  • byronyasgur
  • 29 View
  • 0 Score
  • 1 Answer
  • Tags:   jquery

2 Answered Questions

Sponsored Content