/**
* Sends the "Allow" header to state all methods that can be sent to the current route.
*
* @since 4.4.0
*
* @param WP_REST_Response $response Current response being served.
* @param WP_REST_Server $server ResponseHandler instance (usually WP_REST_Server).
* @param WP_REST_Request $request The request that was used to make current response.
* @return WP_REST_Response Response to be served, with "Allow" header if route has allowed methods.
*/
function rest_send_allow_header($response, $server, $request)
{
$matched_route = $response->get_matched_route();
if (!$matched_route) {
return $response;
}
$routes = $server->get_routes();
$allowed_methods = array();
// Get the allowed methods across the routes.
foreach ($routes[$matched_route] as $_handler) {
foreach ($_handler['methods'] as $handler_method => $value) {
if (!empty($_handler['permission_callback'])) {
$permission = call_user_func($_handler['permission_callback'], $request);
$allowed_methods[$handler_method] = true === $permission;
} else {
$allowed_methods[$handler_method] = true;
}
}
}
// Strip out all the methods that are not allowed (false values).
$allowed_methods = array_filter($allowed_methods);
if ($allowed_methods) {
$response->header('Allow', implode(', ', array_map('strtoupper', array_keys($allowed_methods))));
}
return $response;
}
