WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 3 years ago

#29619 new enhancement

Make WP_HTTP_BLOCK_EXTERNAL more easy to use

Reported by: markoheijnen Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 2.8
Component: HTTP API Keywords: dev-feedback needs-patch
Focuses: Cc:

Description

Currently when defining WP_HTTP_BLOCK_EXTERNAL it blocks all requests which would mean that WordPress itself becomes unusable because it then will also blocks it own requests to WordPress.org. Also oEmbeds stop working because they can't get their data.

My idea is to make an if statement like the localhost check to allow those requests. I do get that this constant is mainly for local development but would be great to have a easy way to have a semi locked down installation. So I'm curious what you guys think about this.

Change History (2)

#1 @nacin
4 years ago

Perhaps something like https://github.com/norcross/airplane-mode belongs closer to core, but it's not quite related to this constant. This constant isn't designed so much for local development as it is for when WordPress is being run silently inside an intranet. WP_Http::block_request() could maybe benefit from a filter (mainly because WP_ACCESSIBLE_HOSTS is pretty lame) but it WP_ACCESSIBLE_HOSTS does already offer you some kind of control.

#2 @chriscct7
3 years ago

  • Keywords needs-patch added
Note: See TracTickets for help on using tickets.