[*][**]
So is there ever any other situation in which I would want to use wp_remote_post or should I always stick with wp_safe_remote_post?
The two functions are exactly the same, except wp_safe_remote_post() sets the reject_unsafe_urls argument to true. That argument causes the URL to be passed through wp_http_validate_url() in WP_Http::request().
From that function, we see that there are a few use cases where you would need to use wp_remote_post() instead of wp_safe_remote_post().
- If you are using a protocol that is not http or https.*
- If you need to pass a user or pass in the URL.
- If you are posting to the localhost.**
- If you need to use a port other than 80, 443, or 8080.
It’s also possible to use the http_request_reject_unsafe_urls filter to pass URLs through wp_http_validate_url() in an HTTP request whether wp_safe_remote_post() or wp_remote_post() is called.
[*] If reject_unsafe_urls is not set, the URL is still passed though wp_kses_bad_protocol() and the allowed protocols are http, https, and ssl.
[**] It’s possible to use wp_safe_remove_post() to the localhost by using the http_request_host_is_external filter and returning a truthy value.