/** * Sends the "Allow" header to state all methods that can be sent to the current route. * * @since 4.4.0 * * @param WP_REST_Response $response Current response being served. * @param WP_REST_Server $server ResponseHandler instance (usually WP_REST_Server). * @param WP_REST_Request $request The request that was used to make current response. * @return WP_REST_Response Response to be served, with "Allow" header if route has allowed methods. */ function rest_send_allow_header($response, $server, $request) { $matched_route = $response->get_matched_route(); if (!$matched_route) { return $response; } $routes = $server->get_routes(); $allowed_methods = array(); // Get the allowed methods across the routes. foreach ($routes[$matched_route] as $_handler) { foreach ($_handler['methods'] as $handler_method => $value) { if (!empty($_handler['permission_callback'])) { $permission = call_user_func($_handler['permission_callback'], $request); $allowed_methods[$handler_method] = true === $permission; } else { $allowed_methods[$handler_method] = true; } } } // Strip out all the methods that are not allowed (false values). $allowed_methods = array_filter($allowed_methods); if ($allowed_methods) { $response->header('Allow', implode(', ', array_map('strtoupper', array_keys($allowed_methods)))); } return $response; }