Home » Php » php – How to add CORS support to WordPress RSS2 feed?

php – How to add CORS support to WordPress RSS2 feed?

Posted by: admin July 12, 2020 Leave a comment


I am trying to add CORS (http://enable-cors.org/) support to an RSS2 feed within a custom WordPress theme. I have tried the following, all to no avail:

  1. Following the instructions on https://web.archive.org/web/20140314152828/http://bowdenweb.com:80/wp/2011/05/how-to-enable-cors-in-wordpress.html, I attempted to modify the theme’s header.php file and add the following code to it:

    header("Access-Control-Allow-Origin: *");

    This was successful in adding the CORS header to the WordPress posts, but not to the RSS2 feed.

  2. Then, I attempted to use the “Plugin API / Action Reference”, i.e. the add_action function (http://codex.wordpress.org/Plugin_API/Action_Reference).

    I added the following code to header.php:

    function add_cors_headers()
        header("Access-Control-Allow-Origin: *");

Again, no success. Now I am at a dead end. Any ideas?

How to&Answers:

You could do it like this with a plugin or by adding to functions. I think that ends up being cleaner.

add_action( 'pre_get_posts', 'add_header_origin' );

function add_header_origin() {
    if (is_feed()){
        header( 'Access-Control-Allow-Origin: *' );


Copy the original rss-template “wp-includes/feed-rss2.php” to your theme directory and activate it by adding this code to your functions.php:

remove_all_actions( 'do_feed_rss2' );
add_action( 'do_feed_rss2', 'my_feed_rss2', 10, 1 );

function my_feed_rss2( $for_comments ) {
    $rss_template = get_stylesheet_directory() . '/feed-rss2.php';

    if( file_exists( $rss_template ) )
        load_template( $rss_template );
        do_feed_rss2( $for_comments ); // Call default function

Then you can modify your rss-template and add the header like mentioned by jefffederman.


Go to wp-includes/feed-rss2.php and below

header('Content-Type: ' . feed_content_type('rss-http') . '; charset=' . get_option('blog_charset'), true);


header("Access-Control-Allow-Origin: *");