The http_request_reject_unsafe_urls WordPress PHP Filter allows you to control if URLs should be passed through the wp_http_validate_url() function during an HTTP request.
Usage
add_filter('http_request_reject_unsafe_urls', 'your_custom_function', 10, 2);
function your_custom_function($pass_url, $url) {
// your custom code here
return $pass_url;
}
Parameters
$pass_url(bool): Whether to pass URLs throughwp_http_validate_url(). Default isfalse.$url(string): The request URL.
More information
See WordPress Developer Resources: http_request_reject_unsafe_urls
Examples
Allow all URLs to pass validation
Allow all URLs to bypass the wp_http_validate_url() function.
add_filter('http_request_reject_unsafe_urls', '__return_true');
Block specific domain from passing validation
Prevent URLs from a specific domain from passing the wp_http_validate_url() function.
add_filter('http_request_reject_unsafe_urls', 'block_specific_domain', 10, 2);
function block_specific_domain($pass_url, $url) {
if (strpos($url, 'baddomain.com') !== false) {
return true;
}
return $pass_url;
}
Allow only HTTPS URLs to pass validation
Only allow URLs with HTTPS protocol to pass the wp_http_validate_url() function.
add_filter('http_request_reject_unsafe_urls', 'allow_only_https', 10, 2);
function allow_only_https($pass_url, $url) {
if (strpos($url, 'https://') === 0) {
return false;
}
return $pass_url;
}
Allow specific URL paths to pass validation
Allow only specific URL paths to pass the wp_http_validate_url() function.
add_filter('http_request_reject_unsafe_urls', 'allow_specific_url_paths', 10, 2);
function allow_specific_url_paths($pass_url, $url) {
$allowed_paths = array('/allowed-path-1/', '/allowed-path-2/');
$parsed_url = parse_url($url);
if (in_array($parsed_url['path'], $allowed_paths)) {
return false;
}
return $pass_url;
}
Log rejected URLs
Log rejected URLs when they fail the wp_http_validate_url() function.
add_filter('http_request_reject_unsafe_urls', 'log_rejected_urls', 10, 2);
function log_rejected_urls($pass_url, $url) {
if ($pass_url) {
error_log('Rejected URL: ' . $url);
}
return $pass_url;
}