The http_origin WordPress PHP Filter allows you to change the origin of an HTTP request.
Usage
add_filter('http_origin', 'your_function_name'); function your_function_name($origin) { // your custom code here return $origin; }
Parameters
- $origin (string) – The original origin for the request.
More information
See WordPress Developer Resources: http_origin
Examples
Allow requests from a specific domain
To change the origin to allow requests from “example.com“:
add_filter('http_origin', 'allow_specific_origin'); function allow_specific_origin($origin) { $allowed_origin = 'https://example.com'; return $allowed_origin; }
Allow requests from multiple domains
To allow requests from multiple domains, use an array of allowed origins:
add_filter('http_origin', 'allow_multiple_origins'); function allow_multiple_origins($origin) { $allowed_origins = array('https://example.com', 'https://example2.com'); if (in_array($origin, $allowed_origins)) { return $origin; } }
Allow requests from all domains
To allow requests from all domains, return an asterisk (*) as the origin:
add_filter('http_origin', 'allow_all_origins'); function allow_all_origins($origin) { return '*'; }
Block requests from a specific domain
To block requests from a specific domain, check if the origin matches the blocked domain and return an empty string if it does:
add_filter('http_origin', 'block_specific_origin'); function block_specific_origin($origin) { $blocked_origin = 'https://blocked-example.com'; if ($origin == $blocked_origin) { return ''; } return $origin; }
Allow requests only from the same domain
To allow requests only from the same domain as your WordPress site, use the get_site_url
function to compare the origins:
add_filter('http_origin', 'allow_same_origin'); function allow_same_origin($origin) { $site_origin = get_site_url(null, '', 'https'); if ($origin == $site_origin) { return $origin; } }