How to Modify HTTP Headers in the WordPress Admin Area
WordPress provides the wp_headers filter hook and send_headers action hook to add and modify HTTP headers. For front-end pages, these are the ideal hooks and should be used whenever possible. Unfortunately, however, neither hook works on all pages in the WordPress Admin Area. After some experimentation, I found an easy solution to modify HTTP headers on any/all pages in the Admin Area.
wp_headers = Doesn’t Work in the Admin Area
At WP-Mix.com, I posted a tutorial about how to Disable the Chrome XSS Auditor. The code provided in the original version of the tutorial used wp_headers to add the XSS header:
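    // Add HTTP XSS Header
    // The wp_headers filter passes in the current headers array; accept it,
    // add the new entry, and return it so existing headers are preserved.
    function shapeSpace_add_xss_header($headers) {
        $headers['X-XSS-Protection'] = '0';
        return $headers;
    }
    add_filter('wp_headers', 'shapeSpace_add_xss_header');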
But as JanWillem pointed out, it doesn’t work in the Admin Area. It does work on Posts, Pages, and other CPT screens, but nowhere else, possibly because CPT pages utilize the WordPress Loop and thus the wp_headers hook is fired. Regardless, neither wp_headers nor send_headers works on ALL pages/requests in the Admin Area. Fortunately, there is a solution.
Add/Modify/Remove Headers in the Admin Area
The easiest way to add or modify a header for ANY/ALL WP-generated pages, including all pages in the WordPress Admin Area and frontend, is to call the PHP header() function using the WP init hook. Here are some basic examples showing how it’s done.
Note: these examples limit header modification to admin pages only. To modify headers for front-end requests, it is recommended to use wp_headers or send_headers instead.
Add Headers
To add, say, an XSS header in both the Admin Area and the frontend (i.e., everywhere), we can add the following code to functions.php or via plugin.
    // Add HTTP Header
    function shapeSpace_add_header() {
        if (is_admin()) header('X-XSS-Protection: 0');
    }
    add_action('init', 'shapeSpace_add_header');
So simple it hurts. This technique uses the WordPress function is_admin() to check if the request is for any page in the WP Admin Area. If so, the XSS header is added via the header() function. Further conditional logic may be applied to target only specific pages. For an example, check out the WP-Mix tutorial, Disable the Chrome XSS Auditor.
Modify Headers
By default, the header() function replaces any existing header of the same name. Consider this example:
    // Modify HTTP Header
    function shapeSpace_modify_header() {
        if (is_admin()) header('Example-Header: Value');
    }
    add_action('init', 'shapeSpace_modify_header');
If the Example-Header header already exists, its value will be replaced by Value. So this technique can be used either to add a new header (if it does not already exist) or to modify a header (if it does already exist).
Add Multiple Headers
To add multiple headers that have the same name, we can pass a second argument to the header() function like so:
    // Add Multiple HTTP Headers
    function shapeSpace_add_headers() {
        if (is_admin()) {
            header('Header-Example: Value 1', false);
            header('Header-Example: Value 2', false);
            header('Header-Example: Value 3', false);
        }
    }
    add_action('init', 'shapeSpace_add_headers');
Notice here we are passing false as the argument for the function’s replace parameter. So this example will add three new headers (and not replace any headers), each with its own value. For more information, check out the header() documentation.
Remove Headers
Last example: if you want to delete a header, use the header_remove() function:
    // Remove HTTP Header
    function shapeSpace_remove_header() {
        if (is_admin()) header_remove('Header-Example');
    }
    add_action('init', 'shapeSpace_remove_header');
This technique will remove any header(s) named Header-Example. Again, as with previous examples, we are using is_admin() to make sure that only admin pages are affected.
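The add, modify, append and remove cases above combined into one init callback, as an added example that is not code from the original article. The myprefix_ function names and the X-Content-Type-Options and X-Powered-By rules are assumptions chosen for illustration; Header-Example is the placeholder header used above.

```php
<?php
// Added example, not from the original article. The 'myprefix_' names and
// the rules below are illustrative assumptions; adjust them for your site.

// Each rule: [operation, header name, value]. 'set' replaces an existing
// header of the same name, 'append' adds another one, 'remove' deletes it.
function myprefix_admin_header_rules() {
    return array(
        array('set',    'X-Content-Type-Options', 'nosniff'),
        array('append', 'Header-Example',         'Value 1'),
        array('append', 'Header-Example',         'Value 2'),
        array('remove', 'X-Powered-By',           null),
    );
}

function myprefix_apply_admin_headers() {
    // is_admin() is also true for admin-ajax.php, which front-end scripts
    // call as well, so AJAX requests are skipped explicitly here.
    if (!is_admin() || wp_doing_ajax()) {
        return;
    }

    // header() cannot change anything once output has started; record where
    // that happened instead of failing silently.
    if (headers_sent($file, $line)) {
        error_log("Admin headers not applied: output started at $file:$line");
        return;
    }

    foreach (myprefix_admin_header_rules() as $rule) {
        list($op, $name, $value) = $rule;

        if ($op === 'remove') {
            header_remove($name);
            continue;
        }

        // Refuse CR/LF in names or values so no rule can inject extra headers.
        if (preg_match('/[\r\n]/', $name . $value)) {
            continue;
        }

        // Second argument of header() is $replace: true = modify, false = add.
        header("$name: $value", $op === 'set');
    }
}
add_action('init', 'myprefix_apply_admin_headers');
```

Headers that WordPress or another plugin sends later in the request with the same name will replace the 'set' rules, so confirm the result in the browser's network panel or with headers_list().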
Important!
Only modify HTTP headers (especially in the Admin Area) if you know 100% what you are doing. If in doubt, do not change any headers. If you are working on front-end pages, use the WordPress core hooks, wp_headers and send_headers, instead of the above PHP header() technique.
from Perishable Press http://bit.ly/2IXUYRl