The allowed_http_origin WordPress PHP filter allows you to modify the allowed HTTP origin result. It returns the origin URL if allowed, or an empty string if not.
Usage
add_filter('allowed_http_origin', 'your_custom_function', 10, 2); function your_custom_function($origin, $origin_arg) { // your custom code here return $origin; }
Parameters
$origin
(string): Origin URL if allowed, empty string if not.$origin_arg
(string): Original origin string passed intois_allowed_http_origin
function.
More information
See WordPress Developer Resources: allowed_http_origin
Examples
Allow a specific origin
Allow only the specified origin to access the resource.
add_filter('allowed_http_origin', 'allow_specific_origin', 10, 2); function allow_specific_origin($origin, $origin_arg) { if ($origin_arg === 'https://example.com') { return $origin_arg; } return ''; }
Allow multiple origins
Allow multiple specified origins to access the resource.
add_filter('allowed_http_origin', 'allow_multiple_origins', 10, 2); function allow_multiple_origins($origin, $origin_arg) { $allowed_origins = array('https://example.com', 'https://anotherexample.com'); if (in_array($origin_arg, $allowed_origins)) { return $origin_arg; } return ''; }
Allow all origins
Allow all origins to access the resource.
add_filter('allowed_http_origin', 'allow_all_origins', 10, 2); function allow_all_origins($origin, $origin_arg) { return $origin_arg; }
Block all origins
Block all origins from accessing the resource.
add_filter('allowed_http_origin', 'block_all_origins', 10, 2); function block_all_origins($origin, $origin_arg) { return ''; }
Allow origin based on a condition
Allow origin based on a specific condition, such as checking if the origin is using HTTPS.
add_filter('allowed_http_origin', 'allow_https_origins', 10, 2); function allow_https_origins($origin, $origin_arg) { if (strpos($origin_arg, 'https://') === 0) { return $origin_arg; } return ''; }