WP_Customize_Manager::get_allowed_urls()

Get URLs allowed to be previewed.

Description

If the front end and the admin are served from the same domain, load the preview over ssl if the Customizer is being loaded over ssl. This avoids insecure content warnings. This is not attempted if the admin and front end are on different domains to avoid the case where the front end doesn’t have ssl certs. Domain mapping plugins can allow other urls in these conditions using the customize_allowed_urls filter.

Source

File: wp-includes/class-wp-customize-manager.php 

	public function get_allowed_urls() {
		$allowed_urls = array( home_url( '/' ) );

		if ( is_ssl() && ! $this->is_cross_domain() ) {
			$allowed_urls[] = home_url( '/', 'https' );
		}

		/**
		 * Filters the list of URLs allowed to be clicked and followed in the Customizer preview.
		 *
		 * @since WP-3.4.0
		 *
		 * @param array $allowed_urls An array of allowed URLs.
		 */
		$allowed_urls = array_unique( apply_filters( 'customize_allowed_urls', $allowed_urls ) );

		return $allowed_urls;
	}

Expand Source Code View on GitHub

Related

Uses

Uses
Uses Description
wp-includes/link-template.php: home_url()

Retrieves the URL for the current site where the front end is accessible.
wp-includes/plugin.php: apply_filters()

Call the functions added to a filter hook.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::is_cross_domain()

Determines whether the admin and the frontend are on different domains.
wp-includes/class-wp-customize-manager.php: customize_allowed_urls

Filters the list of URLs allowed to be clicked and followed in the Customizer preview.
wp-includes/load.php: is_ssl()

Determines if SSL is used.

Changelog

Changelog
Version Description
WP-4.7.0 Introduced.