is_allowed_http_origin() WordPress Function

The is_allowed_http_origin() function is used to check if an HTTP origin is allowed access to WordPress. This is typically used to restrict access to the WordPress admin panel to only certain domains.

is_allowed_http_origin( null|string $origin = null ) #

Determines if the HTTP origin is an authorized one.

Contents

Parameters

$origin

(null|string)(Optional)Origin URL. If not provided, the value of get_http_origin() is used.

Default value: null

Top ↑

Return

(string) Origin URL if allowed, empty string if not.

Top ↑

Source

File: wp-includes/http.php

function is_allowed_http_origin( $origin = null ) {
	$origin_arg = $origin;

	if ( null === $origin ) {
		$origin = get_http_origin();
	}

	if ( $origin && ! in_array( $origin, get_allowed_http_origins(), true ) ) {
		$origin = '';
	}

	/**
	 * Change the allowed HTTP origin result.
	 *
	 * @since 3.4.0
	 *
	 * @param string $origin     Origin URL if allowed, empty string if not.
	 * @param string $origin_arg Original origin string passed into is_allowed_http_origin function.
	 */
	return apply_filters( 'allowed_http_origin', $origin, $origin_arg );
}

Expand full source codeCollapse full source codeView on TracView on GitHub

Top ↑

Top ↑

Used By

Used By
Used ByDescription
wp-includes/http.php:send_origin_headers()

Send Access-Control-Allow-Origin and related headers if the current request is from an allowed origin.

Top ↑

Changelog

Changelog
VersionDescription
3.4.0Introduced.
Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by theĀ Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.