Using WordPress ‘allowed_http_origin’ PHP filter

The allowed_http_origin WordPress PHP filter allows you to modify the allowed HTTP origin result. It returns the origin URL if allowed, or an empty string if not.

Usage

add_filter('allowed_http_origin', 'your_custom_function', 10, 2);

function your_custom_function($origin, $origin_arg) {
    // your custom code here
    return $origin;
}

Parameters

  • $origin (string): Origin URL if allowed, empty string if not.
  • $origin_arg (string): Original origin string passed into is_allowed_http_origin function.

More information

See WordPress Developer Resources: allowed_http_origin

Examples

Allow a specific origin

Allow only the specified origin to access the resource.

add_filter('allowed_http_origin', 'allow_specific_origin', 10, 2);

function allow_specific_origin($origin, $origin_arg) {
    if ($origin_arg === 'https://example.com') {
        return $origin_arg;
    }
    return '';
}

Allow multiple origins

Allow multiple specified origins to access the resource.

add_filter('allowed_http_origin', 'allow_multiple_origins', 10, 2);

function allow_multiple_origins($origin, $origin_arg) {
    $allowed_origins = array('https://example.com', 'https://anotherexample.com');

    if (in_array($origin_arg, $allowed_origins)) {
        return $origin_arg;
    }
    return '';
}

Allow all origins

Allow all origins to access the resource.

add_filter('allowed_http_origin', 'allow_all_origins', 10, 2);

function allow_all_origins($origin, $origin_arg) {
    return $origin_arg;
}

Block all origins

Block all origins from accessing the resource.

add_filter('allowed_http_origin', 'block_all_origins', 10, 2);

function block_all_origins($origin, $origin_arg) {
    return '';
}

Allow origin based on a condition

Allow origin based on a specific condition, such as checking if the origin is using HTTPS.

add_filter('allowed_http_origin', 'allow_https_origins', 10, 2);

function allow_https_origins($origin, $origin_arg) {
    if (strpos($origin_arg, 'https://') === 0) {
        return $origin_arg;
    }
    return '';
}