send_origin_headers(): string|false

Send Access-Control-Allow-Origin and related headers if the current request is from an allowed origin.

Description
Return
Source
Related
- Uses
- Used By
Changelog
User Contributed Notes

Description

If the request is an OPTIONS request, the script exits with either access control headers sent, or a 403 response if the origin is not allowed. For other request methods, you will receive a return value.

Top ↑

Return

string|false Returns the origin URL if headers are sent. Returns false if headers are not sent.

Top ↑

Source

File: wp-includes/http.php. View all references

function send_origin_headers() {
	$origin = get_http_origin();

	if ( is_allowed_http_origin( $origin ) ) {
		header( 'Access-Control-Allow-Origin: ' . $origin );
		header( 'Access-Control-Allow-Credentials: true' );
		if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
			exit;
		}
		return $origin;
	}

	if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
		status_header( 403 );
		exit;
	}

	return false;
}

View on Trac View on GitHub

Top ↑

Uses

Uses
Uses	Description
status_header() wp-includes/functions.php	Sets HTTP status header.
is_allowed_http_origin() wp-includes/http.php	Determines if the HTTP origin is an authorized one.
get_http_origin() wp-includes/http.php	Get the HTTP Origin of the current request.