The http_request_reject_unsafe_urls WordPress PHP Filter allows you to control if URLs should be passed through the wp_http_validate_url()
function during an HTTP request.
Usage
add_filter('http_request_reject_unsafe_urls', 'your_custom_function', 10, 2); function your_custom_function($pass_url, $url) { // your custom code here return $pass_url; }
Parameters
$pass_url
(bool): Whether to pass URLs throughwp_http_validate_url()
. Default isfalse
.$url
(string): The request URL.
More information
See WordPress Developer Resources: http_request_reject_unsafe_urls
Examples
Allow all URLs to pass validation
Allow all URLs to bypass the wp_http_validate_url()
function.
add_filter('http_request_reject_unsafe_urls', '__return_true');
Block specific domain from passing validation
Prevent URLs from a specific domain from passing the wp_http_validate_url()
function.
add_filter('http_request_reject_unsafe_urls', 'block_specific_domain', 10, 2); function block_specific_domain($pass_url, $url) { if (strpos($url, 'baddomain.com') !== false) { return true; } return $pass_url; }
Allow only HTTPS URLs to pass validation
Only allow URLs with HTTPS protocol to pass the wp_http_validate_url()
function.
add_filter('http_request_reject_unsafe_urls', 'allow_only_https', 10, 2); function allow_only_https($pass_url, $url) { if (strpos($url, 'https://') === 0) { return false; } return $pass_url; }
Allow specific URL paths to pass validation
Allow only specific URL paths to pass the wp_http_validate_url()
function.
add_filter('http_request_reject_unsafe_urls', 'allow_specific_url_paths', 10, 2); function allow_specific_url_paths($pass_url, $url) { $allowed_paths = array('/allowed-path-1/', '/allowed-path-2/'); $parsed_url = parse_url($url); if (in_array($parsed_url['path'], $allowed_paths)) { return false; } return $pass_url; }
Log rejected URLs
Log rejected URLs when they fail the wp_http_validate_url()
function.
add_filter('http_request_reject_unsafe_urls', 'log_rejected_urls', 10, 2); function log_rejected_urls($pass_url, $url) { if ($pass_url) { error_log('Rejected URL: ' . $url); } return $pass_url; }