Dev Kabir

Since we haven’t received a response from you, I’m proceeding to close this thread. Please know that you’re welcome to contribute to this thread at any time by adding your message.

// Register a custom REST API endpoint when the rest_api_init action is triggered
add_action('rest_api_init', function () {
    // Define a REST route under the 'loadImage' namespace with the path '/content/'
    // Set the HTTP method to 'GET' and specify the callback function as 'fetchImage'
    register_rest_route('loadImage', '/content/', array(
        'methods' => 'GET',
        'callback' => 'fetchImage',
    ));
});

// Define the callback function 'fetchImage' that will handle the logic for fetching and returning images
function fetchImage($data) {
    // Retrieve and sanitize the URL parameter from the incoming request data
    $url = esc_url_raw($data->get_param('url'));

    // Validate the provided URL
    if (!filter_var($url, FILTER_VALIDATE_URL)) {
        // If the URL is invalid, return a WP_Error indicating an invalid URL with a 400 Bad Request status
        return new WP_Error('invalid_url', 'Invalid URL provided.', array('status' => 400));
    }

    // Get image data (dimensions, MIME type, etc.) for the specified URL
    /**
     * Do not use getimagesize() to check that a given file is a valid image. Use a purpose-built solution such as the Fileinfo extension instead.
     * @link https://www.php.net/manual/en/function.getimagesize.php
     */
    $info = getimagesize($url);

    // Check if image data is available
    if (!$info) {
        // If image data is not available, return a WP_Error indicating an invalid image URL
        // or an inability to fetch image data with a 400 Bad Request status
        return new WP_Error('invalid_image', 'Invalid image URL or unable to fetch image data.', array('status' => 400));
    }

    // Set appropriate headers in the response to indicate the MIME type of the image
    header("Content-type: " . $info['mime']);

    // Output the binary image data from the specified URL
    readfile($url);

    // Terminate the script to prevent additional output
    die();
}

This is the explanation of the code he used to solve this problem.

Thank you for providing detailed information.

My main goal is to be able to restrict Access-Control-Allow-Origin for /wp-json and keep the other headers as is.

I believe plugin is well-equipped to achieve this goal effectively.

 I actually don’t know if PATCH is in use or not, I’m not that familiar with the WordPress REST API.

Typically, the majority of requests involve GET and POST methods, with OPTIONS commonly employed for pre-flight requests. But as I promised you before,

 If any 5 user, like yourself, opens or adds a thread to enable the PATCH method, I will include that in the next update.

Because,

There are five extended versions of this plugin available outside the official repository, each tailored to meet specific client requirements. The versions outside the repository cater to more advanced needs. However, This plugin is designed as a basic solution, primarily targeting non-tech-savvy users seeking a straightforward CORS resolution.

Considering your technical expertise, I believe you have the capability to address any security concerns that may arise, a proficiency that might surpass the typical user of this plugin. Many users of the basic version may not possess the same technical know-how.

If you have any specific security considerations or if there’s anything you’d like assistance with, please feel free to share. Your insights are valuable in enhancing the overall user experience.

Space is optional according to the spec, but improves readability.

It’s important to note that the options’ reader is the server, and in this context, I don’t foresee any noticeable performance improvement with the inclusion of spaces.

The plugin actually uses spaces in Access-Control-Allow-Headers

I will remove space in next update.

Have you tested these options after adding space? Could you please provide a relevant source link so that anyone can review your suggestion?

 You can uninstall this plugin as it will not provide any benefits for you.

• This reply was modified 2 years, 4 months ago by Dev Kabir.
• This reply was modified 2 years, 4 months ago by Dev Kabir.

If your website is hosted on an nginx server, you can uninstall this plugin as it will not provide any benefits for you.

Hello @michaeledi,

Thank you for reaching out and for using my plugin. I understand the frustration you’re experiencing, and I’m here to help.

Firstly, I appreciate you providing detailed information about the issue you’re facing. The CORS test result on https://cors-test.codehappy.dev/ suggests that the necessary headers are being sent correctly by your server. However, the error message you’re encountering on the origin site indicates otherwise.

To assist you further, could you please provide the following information,

Server Configuration, Screenshot of Plugin Configuration, Your Site url.

Feel free to share this information either in this conversation or via email. If you choose to email, you can send the details to [email protected].