Using WordPress ‘get_allowed_http_origins()’ PHP function

The get_allowed_http_origins() WordPress PHP function retrieves a list of allowed HTTP origins.

Usage

$allowed_origins = get_allowed_http_origins();

Parameters

  • None

More information

See WordPress Developer Resources: get_allowed_http_origins()

Examples

Allow additional origin for a specific domain

To allow an additional origin for a specific domain, you can use the allowed_http_origins filter.

// Add a custom domain to the allowed HTTP origins list
function my_custom_allowed_origins($origins) {
    $origins[] = 'https://www.example.com';
    return $origins;
}
add_filter('allowed_http_origins', 'my_custom_allowed_origins');

Restrict allowed origins to a specific domain

To restrict the allowed origins to a specific domain, you can replace the entire list using the allowed_http_origins filter.

// Restrict allowed HTTP origins to a specific domain
function my_restrict_allowed_origins($origins) {
    return array('https://www.example.com');
}
add_filter('allowed_http_origins', 'my_restrict_allowed_origins');

Remove an origin from the list

If you want to remove a specific origin from the list, you can use the allowed_http_origins filter.

// Remove an origin from the allowed HTTP origins list
function my_remove_allowed_origin($origins) {
    $key = array_search('https://www.example.com', $origins);
    if ($key !== false) {
        unset($origins[$key]);
    }
    return $origins;
}
add_filter('allowed_http_origins', 'my_remove_allowed_origin');

Allow all origins

To allow all origins, you can use the allowed_http_origins filter and return a wildcard.

// Allow all HTTP origins
function my_allow_all_origins($origins) {
    return array('*');
}
add_filter('allowed_http_origins', 'my_allow_all_origins');

Debugging allowed origins

To debug the allowed origins list, you can print the list to the error log.

// Debug allowed HTTP origins
function my_debug_allowed_origins() {
    $allowed_origins = get_allowed_http_origins();
    error_log(print_r($allowed_origins, true));
}
add_action('init', 'my_debug_allowed_origins');