Allowing Cross Origin Access to WordPress Feeds


flickr photo shared by The U.S. National Archives with no copyright restriction (Flickr Commons)

I believe this is safe but I’m no security expert. Every thing I could find on XSS issues was focused on stealing passwords. WordPress feeds are all public and require no login so I think it’s all good. StackOverflow seems to agree.

With that hearty and confidence-inspiring endorsement, I give you this amazingly complicated plugin to allow access to all your WordPress feeds from other stuff (like Kin’s github rss reader)1 All simple stuff really, the key piece was getting the right trigger pre_get_posts. Otherwise it was called too late. is_feed is the other little handy piece which Tim Owens mentioned . . . and I subsequently used.


1 See how my site says success and Jim’s says failed? It’s only partially because he abandoned our country for Italy. It’s also because he doesn’t have this plugin turned on.

5 thoughts on “Allowing Cross Origin Access to WordPress Feeds

Comments are closed.