WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

is_allowed_http_origin()

is_allowed_http_origin( string|null $origin = null ): string

In this article

Back to top

Determines if the HTTP origin is an authorized one.

Parameters

$originstring|nulloptional
Origin URL. If not provided, the value of get_http_origin() is used.

Default:null

Return

string Origin URL if allowed, empty string if not.

Source

function is_allowed_http_origin( $origin = null ) {
	$origin_arg = $origin;

	if ( null === $origin ) {
		$origin = get_http_origin();
	}

	if ( $origin && ! in_array( $origin, get_allowed_http_origins(), true ) ) {
		$origin = '';
	}

	/**
	 * Change the allowed HTTP origin result.
	 *
	 * @since 3.4.0
	 *
	 * @param string $origin     Origin URL if allowed, empty string if not.
	 * @param string $origin_arg Original origin string passed into is_allowed_http_origin function.
	 */
	return apply_filters( 'allowed_http_origin', $origin, $origin_arg );
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘allowed_http_origin’, string $origin, string $origin_arg )

Change the allowed HTTP origin result.

UsesDescription
get_http_origin()wp-includes/http.php

Get the HTTP Origin of the current request.

get_allowed_http_origins()wp-includes/http.php

Retrieve list of allowed HTTP origins.

apply_filters()wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.

Show 1 moreShow less
Used byDescription
send_origin_headers()wp-includes/http.php

Send Access-Control-Allow-Origin and related headers if the current request is from an allowed origin.

Changelog

VersionDescription
3.4.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.