* Standardizes the HTTP requests for WordPress. Handles cookies, gzip encoding and decoding, chunk
* decoding, if HTTP 1.1 and various other difficult HTTP protocol implementations.
* Returns the initialized WP_Http Object
* @return WP_Http HTTP Transport object.
function _wp_http_get_object() {
if ( is_null( $http ) ) {
* Retrieve the raw response from a safe HTTP request.
* This function is ideal when the HTTP request is being made to an arbitrary
* URL. The URL is validated to avoid redirection and request forgery attacks.
* @see wp_remote_request() For more information on the response array format.
* @see WP_Http::request() For default arguments information.
* @param string $url URL to retrieve.
* @param array $args Optional. Request arguments. Default empty array.
* @return array|WP_Error The response or WP_Error on failure.
function wp_safe_remote_request( $url, $args = array() ) {
$args['reject_unsafe_urls'] = true;
$http = _wp_http_get_object();
return $http->request( $url, $args );
* Retrieve the raw response from a safe HTTP request using the GET method.
* This function is ideal when the HTTP request is being made to an arbitrary
* URL. The URL is validated to avoid redirection and request forgery attacks.
* @see wp_remote_request() For more information on the response array format.
* @see WP_Http::request() For default arguments information.
* @param string $url URL to retrieve.
* @param array $args Optional. Request arguments. Default empty array.
* @return array|WP_Error The response or WP_Error on failure.
function wp_safe_remote_get( $url, $args = array() ) {
$args['reject_unsafe_urls'] = true;
$http = _wp_http_get_object();
return $http->get( $url, $args );
* Retrieve the raw response from a safe HTTP request using the POST method.
* This function is ideal when the HTTP request is being made to an arbitrary
* URL. The URL is validated to avoid redirection and request forgery attacks.
* @see wp_remote_request() For more information on the response array format.
* @see WP_Http::request() For default arguments information.
* @param string $url URL to retrieve.
* @param array $args Optional. Request arguments. Default empty array.
* @return array|WP_Error The response or WP_Error on failure.
function wp_safe_remote_post( $url, $args = array() ) {
$args['reject_unsafe_urls'] = true;
$http = _wp_http_get_object();
return $http->post( $url, $args );
* Retrieve the raw response from a safe HTTP request using the HEAD method.
* This function is ideal when the HTTP request is being made to an arbitrary
* URL. The URL is validated to avoid redirection and request forgery attacks.
* @see wp_remote_request() For more information on the response array format.
* @see WP_Http::request() For default arguments information.
* @param string $url URL to retrieve.
* @param array $args Optional. Request arguments. Default empty array.
* @return array|WP_Error The response or WP_Error on failure.
function wp_safe_remote_head( $url, $args = array() ) {
$args['reject_unsafe_urls'] = true;
$http = _wp_http_get_object();
return $http->head( $url, $args );
* Performs an HTTP request and returns its response.
* There are other API functions available which abstract away the HTTP method:
* - Default 'GET' for wp_remote_get()
* - Default 'POST' for wp_remote_post()
* - Default 'HEAD' for wp_remote_head()
* @see WP_Http::request() For information on default arguments.
* @param string $url URL to retrieve.
* @param array $args Optional. Request arguments. Default empty array.
* @return array|WP_Error {
* The response array or a WP_Error on failure.
* @type string[] $headers Array of response headers keyed by their name.
* @type string $body Response body.
* @type array $response {
* Data about the HTTP response.
* @type int|false $code HTTP response code.
* @type string|false $message HTTP response message.
* @type WP_HTTP_Cookie[] $cookies Array of response cookies.
* @type WP_HTTP_Requests_Response|null $http_response Raw HTTP response object.
function wp_remote_request( $url, $args = array() ) {
$http = _wp_http_get_object();
return $http->request( $url, $args );
* Performs an HTTP request using the GET method and returns its response.
* @see wp_remote_request() For more information on the response array format.
* @see WP_Http::request() For default arguments information.
* @param string $url URL to retrieve.
* @param array $args Optional. Request arguments. Default empty array.
* @return array|WP_Error The response or WP_Error on failure.
function wp_remote_get( $url, $args = array() ) {
$http = _wp_http_get_object();
return $http->get( $url, $args );
* Performs an HTTP request using the POST method and returns its response.
* @see wp_remote_request() For more information on the response array format.
* @see WP_Http::request() For default arguments information.
* @param string $url URL to retrieve.
* @param array $args Optional. Request arguments. Default empty array.
* @return array|WP_Error The response or WP_Error on failure.
function wp_remote_post( $url, $args = array() ) {
$http = _wp_http_get_object();
return $http->post( $url, $args );
* Performs an HTTP request using the HEAD method and returns its response.
* @see wp_remote_request() For more information on the response array format.
* @see WP_Http::request() For default arguments information.
* @param string $url URL to retrieve.
* @param array $args Optional. Request arguments. Default empty array.
* @return array|WP_Error The response or WP_Error on failure.
function wp_remote_head( $url, $args = array() ) {
$http = _wp_http_get_object();
return $http->head( $url, $args );
* Retrieve only the headers from the raw response.
* @since 4.6.0 Return value changed from an array to an Requests_Utility_CaseInsensitiveDictionary instance.
* @see \Requests_Utility_CaseInsensitiveDictionary
* @param array|WP_Error $response HTTP response.
* @return array|\Requests_Utility_CaseInsensitiveDictionary The headers of the response. Empty array if incorrect parameter given.
function wp_remote_retrieve_headers( $response ) {
if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) {
return $response['headers'];
* Retrieve a single header by name from the raw response.
* @param array|WP_Error $response HTTP response.
* @param string $header Header name to retrieve value from.
* @return string The header value. Empty string on if incorrect parameter given, or if the header doesn't exist.
function wp_remote_retrieve_header( $response, $header ) {
if ( is_wp_error( $response ) || ! isset( $response['headers'] ) ) {
if ( isset( $response['headers'][ $header ] ) ) {
return $response['headers'][ $header ];
* Retrieve only the response code from the raw response.
* Will return an empty array if incorrect parameter value is given.
* @param array|WP_Error $response HTTP response.
* @return int|string The response code as an integer. Empty string on incorrect parameter given.
function wp_remote_retrieve_response_code( $response ) {
if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) {
return $response['response']['code'];
* Retrieve only the response message from the raw response.
* Will return an empty array if incorrect parameter value is given.
* @param array|WP_Error $response HTTP response.
* @return string The response message. Empty string on incorrect parameter given.
function wp_remote_retrieve_response_message( $response ) {
if ( is_wp_error( $response ) || ! isset( $response['response'] ) || ! is_array( $response['response'] ) ) {
return $response['response']['message'];
* Retrieve only the body from the raw response.
* @param array|WP_Error $response HTTP response.
* @return string The body of the response. Empty string if no body or incorrect parameter given.
function wp_remote_retrieve_body( $response ) {
if ( is_wp_error( $response ) || ! isset( $response['body'] ) ) {
return $response['body'];
* Retrieve only the cookies from the raw response.
* @param array|WP_Error $response HTTP response.
* @return WP_Http_Cookie[] An array of `WP_Http_Cookie` objects from the response. Empty array if there are none, or the response is a WP_Error.
function wp_remote_retrieve_cookies( $response ) {
if ( is_wp_error( $response ) || empty( $response['cookies'] ) ) {
return $response['cookies'];
* Retrieve a single cookie by name from the raw response.
* @param array|WP_Error $response HTTP response.
* @param string $name The name of the cookie to retrieve.
* @return WP_Http_Cookie|string The `WP_Http_Cookie` object. Empty string if the cookie isn't present in the response.
function wp_remote_retrieve_cookie( $response, $name ) {
$cookies = wp_remote_retrieve_cookies( $response );
if ( empty( $cookies ) ) {
foreach ( $cookies as $cookie ) {
if ( $cookie->name === $name ) {
* Retrieve a single cookie's value by name from the raw response.
* @param array|WP_Error $response HTTP response.
* @param string $name The name of the cookie to retrieve.
* @return string The value of the cookie. Empty string if the cookie isn't present in the response.
function wp_remote_retrieve_cookie_value( $response, $name ) {
$cookie = wp_remote_retrieve_cookie( $response, $name );
if ( ! is_a( $cookie, 'WP_Http_Cookie' ) ) {
* Determines if there is an HTTP Transport that can process this request.
* @param array $capabilities Array of capabilities to test or a wp_remote_request() $args array.
* @param string $url Optional. If given, will check if the URL requires SSL and adds
* that requirement to the capabilities array.
function wp_http_supports( $capabilities = array(), $url = null ) {
$http = _wp_http_get_object();
$capabilities = wp_parse_args( $capabilities );
$count = count( $capabilities );
// If we have a numeric $capabilities array, spoof a wp_remote_request() associative $args array.
if ( $count && count( array_filter( array_keys( $capabilities ), 'is_numeric' ) ) == $count ) {
$capabilities = array_combine( array_values( $capabilities ), array_fill( 0, $count, true ) );
if ( $url && ! isset( $capabilities['ssl'] ) ) {
$scheme = parse_url( $url, PHP_URL_SCHEME );
if ( 'https' === $scheme || 'ssl' === $scheme ) {
$capabilities['ssl'] = true;
return (bool) $http->_get_first_available_transport( $capabilities );
* Get the HTTP Origin of the current request.
* @return string URL of the origin. Empty string if no origin.
function get_http_origin() {
if ( ! empty( $_SERVER['HTTP_ORIGIN'] ) ) {
$origin = $_SERVER['HTTP_ORIGIN'];
* Change the origin of an HTTP request.
* @param string $origin The original origin for the request.
return apply_filters( 'http_origin', $origin );
* Retrieve list of allowed HTTP origins.
* @return string[] Array of origin URLs.
function get_allowed_http_origins() {
$admin_origin = parse_url( admin_url() );
$home_origin = parse_url( home_url() );
$allowed_origins = array_unique(
'http://' . $admin_origin['host'],
'https://' . $admin_origin['host'],
'http://' . $home_origin['host'],
'https://' . $home_origin['host'],
* Change the origin types allowed for HTTP requests.
* @param string[] $allowed_origins {
* Array of default allowed HTTP origins.
* @type string $0 Non-secure URL for admin origin.
* @type string $1 Secure URL for admin origin.
* @type string $2 Non-secure URL for home origin.
* @type string $3 Secure URL for home origin.
return apply_filters( 'allowed_http_origins', $allowed_origins );
* Determines if the HTTP origin is an authorized one.
* @param null|string $origin Origin URL. If not provided, the value of get_http_origin() is used.
* @return string Origin URL if allowed, empty string if not.
function is_allowed_http_origin( $origin = null ) {
if ( null === $origin ) {
$origin = get_http_origin();
if ( $origin && ! in_array( $origin, get_allowed_http_origins(), true ) ) {
* Change the allowed HTTP origin result.
* @param string $origin Origin URL if allowed, empty string if not.
* @param string $origin_arg Original origin string passed into is_allowed_http_origin function.
return apply_filters( 'allowed_http_origin', $origin, $origin_arg );
* Send Access-Control-Allow-Origin and related headers if the current request
* is from an allowed origin.
* If the request is an OPTIONS request, the script exits with either access
* control headers sent, or a 403 response if the origin is not allowed. For
* other request methods, you will receive a return value.
* @return string|false Returns the origin URL if headers are sent. Returns false
* if headers are not sent.
function send_origin_headers() {
$origin = get_http_origin();
if ( is_allowed_http_origin( $origin ) ) {
header( 'Access-Control-Allow-Origin: ' . $origin );
header( 'Access-Control-Allow-Credentials: true' );
if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
