The allowed_http_origin WordPress PHP filter allows you to modify the allowed HTTP origin result. It returns the origin URL if allowed, or an empty string if not.
Table of contents
Usage
add_filter('allowed_http_origin', 'your_custom_function', 10, 2);
function your_custom_function($origin, $origin_arg) {
// your custom code here
return $origin;
}
Parameters
$origin(string): Origin URL if allowed, empty string if not.$origin_arg(string): Original origin string passed intois_allowed_http_originfunction.
More information
See WordPress Developer Resources: allowed_http_origin
Examples
Allow a specific origin
Allow only the specified origin to access the resource.
add_filter('allowed_http_origin', 'allow_specific_origin', 10, 2);
function allow_specific_origin($origin, $origin_arg) {
if ($origin_arg === 'https://example.com') {
return $origin_arg;
}
return '';
}
Allow multiple origins
Allow multiple specified origins to access the resource.
add_filter('allowed_http_origin', 'allow_multiple_origins', 10, 2);
function allow_multiple_origins($origin, $origin_arg) {
$allowed_origins = array('https://example.com', 'https://anotherexample.com');
if (in_array($origin_arg, $allowed_origins)) {
return $origin_arg;
}
return '';
}
Allow all origins
Allow all origins to access the resource.
add_filter('allowed_http_origin', 'allow_all_origins', 10, 2);
function allow_all_origins($origin, $origin_arg) {
return $origin_arg;
}
Block all origins
Block all origins from accessing the resource.
add_filter('allowed_http_origin', 'block_all_origins', 10, 2);
function block_all_origins($origin, $origin_arg) {
return '';
}
Allow origin based on a condition
Allow origin based on a specific condition, such as checking if the origin is using HTTPS.
add_filter('allowed_http_origin', 'allow_https_origins', 10, 2);
function allow_https_origins($origin, $origin_arg) {
if (strpos($origin_arg, 'https://') === 0) {
return $origin_arg;
}
return '';
}