问题描述
这似乎会更加明显.我使用WordPress管理外部网站的内容. WordPress内容是通过WP REST API显示的,而我使用ajax和JS将内容显示到此远程站点. (例如 https://example.com//wp-json/wp/v2/pages/23 ).一切都基于SSL,并且一切正常.我如何简单地做到这一点,以便仅从某个域(远程站点)允许此ajax GET请求? WP API仅用于显示数据.
This seems like it would be more obvious. I use WordPress to manage content for an external site. The WordPress content is displayed via the WP REST API and I display content with ajax and JS to this remote site. (e.g. https://example.com//wp-json/wp/v2/pages/23). Everything is on SSL and it all works great. How can I simply make it so this ajax GET request is only allowed from a certain domain - the remote site? The WP API is only used to display data.
推荐答案
我只是看过php服务器变量并弄清楚了. $ _SERVER ['HTTP_ORIGIN'];是我抢到的那个.就像魅力一样!
I just had look at the php server variables and figure this out. $_SERVER['HTTP_ORIGIN']; was the one that I grab. Works like a charm!
add_filter( 'rest_authentication_errors', 'gc_filter_incoming_connections' );
function gc_filter_incoming_connections( $errors ){
$allowed_origins = array('https://www.example.com'); // url that you want to access your WP REST API
$request_origin = $_SERVER['HTTP_ORIGIN'];
if( ! in_array( $request_origin, $allowed_origins ) )
return new WP_Error( 'forbidden_access', 'Access denied', array( 'status' => 403 ) );
return $errors;
}
这篇关于WordPress WP REST API按域限制请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!