The allowed_http_origin WordPress PHP filter allows you to modify the allowed HTTP origin result. It returns the origin URL if allowed, or an empty string if not.
Usage
add_filter('allowed_http_origin', 'your_custom_function', 10, 2);
function your_custom_function($origin, $origin_arg) {
// your custom code here
return $origin;
}
Parameters
$origin(string): Origin URL if allowed, empty string if not.$origin_arg(string): Original origin string passed intois_allowed_http_originfunction.
More information
See WordPress Developer Resources: allowed_http_origin
Examples
Allow a specific origin
Allow only the specified origin to access the resource.
add_filter('allowed_http_origin', 'allow_specific_origin', 10, 2);
function allow_specific_origin($origin, $origin_arg) {
if ($origin_arg === 'https://example.com') {
return $origin_arg;
}
return '';
}
Allow multiple origins
Allow multiple specified origins to access the resource.
add_filter('allowed_http_origin', 'allow_multiple_origins', 10, 2);
function allow_multiple_origins($origin, $origin_arg) {
$allowed_origins = array('https://example.com', 'https://anotherexample.com');
if (in_array($origin_arg, $allowed_origins)) {
return $origin_arg;
}
return '';
}
Allow all origins
Allow all origins to access the resource.
add_filter('allowed_http_origin', 'allow_all_origins', 10, 2);
function allow_all_origins($origin, $origin_arg) {
return $origin_arg;
}
Block all origins
Block all origins from accessing the resource.
add_filter('allowed_http_origin', 'block_all_origins', 10, 2);
function block_all_origins($origin, $origin_arg) {
return '';
}
Allow origin based on a condition
Allow origin based on a specific condition, such as checking if the origin is using HTTPS.
add_filter('allowed_http_origin', 'allow_https_origins', 10, 2);
function allow_https_origins($origin, $origin_arg) {
if (strpos($origin_arg, 'https://') === 0) {
return $origin_arg;
}
return '';
}