Using WordPress ‘is_allowed_http_origin()’ PHP function

The is_allowed_http_origin() WordPress PHP function determines if the HTTP origin is an authorized one.

Usage

$is_allowed = is_allowed_http_origin($origin);

Parameters

  • $origin string|null (Optional) – Origin URL. If not provided, the value of get_http_origin() is used. Default: null.

More information

See WordPress Developer Resources: is_allowed_http_origin()

Examples

Check if the current HTTP origin is allowed

Determine if the current HTTP origin is allowed using the is_allowed_http_origin() function.

$is_allowed = is_allowed_http_origin();
if ($is_allowed) {
    echo "Origin is allowed.";
} else {
    echo "Origin is not allowed.";
}

Check if a specific origin is allowed

Determine if a specific HTTP origin is allowed using the is_allowed_http_origin() function with a custom origin.

$origin = 'https://www.example.com';
$is_allowed = is_allowed_http_origin($origin);
if ($is_allowed) {
    echo "Origin '{$origin}' is allowed.";
} else {
    echo "Origin '{$origin}' is not allowed.";
}

Add an allowed origin

Add an allowed origin using the allowed_http_origins filter.

function my_allowed_origins($origins) {
    $origins[] = 'https://www.example2.com';
    return $origins;
}
add_filter('allowed_http_origins', 'my_allowed_origins');

Remove an allowed origin

Remove an allowed origin using the allowed_http_origins filter.

function my_remove_allowed_origin($origins) {
    $index = array_search('https://www.example2.com', $origins);
    if (false !== $index) {
        unset($origins[$index]);
    }
    return $origins;
}
add_filter('allowed_http_origins', 'my_remove_allowed_origin');

Check and display allowed origins

Check and display all allowed HTTP origins.

$allowed_origins = apply_filters('allowed_http_origins', array());
foreach ($allowed_origins as $origin) {
    echo "Allowed origin: {$origin}<br>";
}