The get_allowed_http_origins() WordPress PHP function retrieves a list of allowed HTTP origins.
Usage
$allowed_origins = get_allowed_http_origins();
Parameters
- None
More information
See WordPress Developer Resources: get_allowed_http_origins()
Examples
Allow additional origin for a specific domain
To allow an additional origin for a specific domain, you can use the allowed_http_origins filter.
// Add a custom domain to the allowed HTTP origins list
function my_custom_allowed_origins($origins) {
$origins[] = 'https://www.example.com';
return $origins;
}
add_filter('allowed_http_origins', 'my_custom_allowed_origins');
Restrict allowed origins to a specific domain
To restrict the allowed origins to a specific domain, you can replace the entire list using the allowed_http_origins filter.
// Restrict allowed HTTP origins to a specific domain
function my_restrict_allowed_origins($origins) {
return array('https://www.example.com');
}
add_filter('allowed_http_origins', 'my_restrict_allowed_origins');
Remove an origin from the list
If you want to remove a specific origin from the list, you can use the allowed_http_origins filter.
// Remove an origin from the allowed HTTP origins list
function my_remove_allowed_origin($origins) {
$key = array_search('https://www.example.com', $origins);
if ($key !== false) {
unset($origins[$key]);
}
return $origins;
}
add_filter('allowed_http_origins', 'my_remove_allowed_origin');
Allow all origins
To allow all origins, you can use the allowed_http_origins filter and return a wildcard.
// Allow all HTTP origins
function my_allow_all_origins($origins) {
return array('*');
}
add_filter('allowed_http_origins', 'my_allow_all_origins');
Debugging allowed origins
To debug the allowed origins list, you can print the list to the error log.
// Debug allowed HTTP origins
function my_debug_allowed_origins() {
$allowed_origins = get_allowed_http_origins();
error_log(print_r($allowed_origins, true));
}
add_action('init', 'my_debug_allowed_origins');