WP_Http::block_request( string $uri )

Determines whether an HTTP API request to the given URL should be blocked.


Description Description

Those who are behind a proxy and want to prevent access to certain hosts may do so. This will prevent plugins from working and core functionality, if you don’t include api.wordpress.org.

You block external URL requests by defining WP_HTTP_BLOCK_EXTERNAL as true in your wp-config.php file and this will only allow localhost and your site to make requests. The constant WP_ACCESSIBLE_HOSTS will allow additional hosts to go through for requests. The format of the WP_ACCESSIBLE_HOSTS constant is a comma separated list of hostnames to allow, wildcard domains are supported, eg *.wordpress.org will allow for all subdomains of wordpress.org to be contacted.


Parameters Parameters

$uri

(string) (Required) URI of url.


Top ↑

Return Return

(bool) True to block, false to allow.


Top ↑

Source Source

File: wp-includes/class-http.php

	public function block_request( $uri ) {
		// We don't need to block requests, because nothing is blocked.
		if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) {
			return false;
		}

		$check = parse_url( $uri );
		if ( ! $check ) {
			return true;
		}

		$home = parse_url( get_option( 'siteurl' ) );

		// Don't block requests back to ourselves by default.
		if ( 'localhost' == $check['host'] || ( isset( $home['host'] ) && $home['host'] == $check['host'] ) ) {
			/**
			 * Filters whether to block local HTTP API requests.
			 *
			 * A local request is one to `localhost` or to the same host as the site itself.
			 *
			 * @since 2.8.0
			 *
			 * @param bool $block Whether to block local requests. Default false.
			 */
			return apply_filters( 'block_local_requests', false );
		}

		if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) {
			return true;
		}

		static $accessible_hosts = null;
		static $wildcard_regex   = array();
		if ( null === $accessible_hosts ) {
			$accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS );

			if ( false !== strpos( WP_ACCESSIBLE_HOSTS, '*' ) ) {
				$wildcard_regex = array();
				foreach ( $accessible_hosts as $host ) {
					$wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) );
				}
				$wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i';
			}
		}

		if ( ! empty( $wildcard_regex ) ) {
			return ! preg_match( $wildcard_regex, $check['host'] );
		} else {
			return ! in_array( $check['host'], $accessible_hosts ); // Inverse logic, if it's in the array, then don't block it.
		}

	}

Top ↑

Changelog Changelog

Changelog
Version Description
2.8.0 Introduced.


Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.