Allowing Cross Origin Access to WordPress Feeds


flickr photo shared by The U.S. National Archives with no copyright restriction (Flickr Commons)

I believe this is safe but I’m no security expert. Every thing I could find on XSS issues was focused on stealing passwords. WordPress feeds are all public and require no login so I think it’s all good. StackOverflow seems to agree.

With that hearty and confidence-inspiring endorsement, I give you this amazingly complicated plugin to allow access to all your WordPress feeds from other stuff (like Kin’s github rss reader)1 All simple stuff really, the key piece was getting the right trigger pre_get_posts. Otherwise it was called too late. is_feed is the other little handy piece which Tim Owens mentioned . . . and I subsequently used.


1 See how my site says success and Jim’s says failed? It’s only partially because he abandoned our country for Italy. It’s also because he doesn’t have this plugin turned on.

Comments on this post

  1. CogDog said on March 28, 2016 at 1:40 pm

    I passed, thanks.

  2. Jim Groom (@jimgroom) said on March 28, 2016 at 2:21 pm

    What did I do wrong? Did I fail to install your hacky, unsafe plugin so the North Koreans will get my latitude and longitude?

    • Tom Woodward said on March 28, 2016 at 2:48 pm

      While accurate, I take offense to those statements.

  3. Jim Groom (@jimgroom) said on March 28, 2016 at 2:34 pm

    I have now complied, if my shit goes down I’m coming looking for you, Woodward!

Leave a Reply

Trackbacks and Pingbacks on this post

  1. The View from Here | bavatuesdays said on March 29, 2016 at 11:10 am

    […] Summit at Davidson College (as it should be), and I came across this project thanks to this post featuring the “Allow Cross Origin Access to Feeds” plugin whipped up  by Tom Woodward in order to enable Kin’s RSS aggregator to work on […]

TrackBack URL