get_allowed_http_origins() WordPress Function

The get_allowed_http_origins() function is used to get the list of origins allowed for cross-domain requests. This function is useful for making sure that cross-domain requests are only made to trusted origins.

get_allowed_http_origins() #

Retrieve list of allowed HTTP origins.


Return

(string[]) Array of origin URLs.


Top ↑

Source

File: wp-includes/http.php

415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
function get_allowed_http_origins() {
    $admin_origin = parse_url( admin_url() );
    $home_origin  = parse_url( home_url() );
 
    // @todo Preserve port?
    $allowed_origins = array_unique(
        array(
            'http://' . $admin_origin['host'],
            'https://' . $admin_origin['host'],
            'http://' . $home_origin['host'],
            'https://' . $home_origin['host'],
        )
    );
 
    /**
     * Change the origin types allowed for HTTP requests.
     *
     * @since 3.4.0
     *
     * @param string[] $allowed_origins {
     *     Array of default allowed HTTP origins.
     *
     *     @type string $0 Non-secure URL for admin origin.
     *     @type string $1 Secure URL for admin origin.
     *     @type string $2 Non-secure URL for home origin.
     *     @type string $3 Secure URL for home origin.
     * }
     */
    return apply_filters( 'allowed_http_origins', $allowed_origins );
}


Top ↑

Changelog

Changelog
VersionDescription
3.4.0Introduced.

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by the Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.