send_origin_headers()
Send Access-Control-Allow-Origin and related headers if the current request is from an allowed origin.
If the request is an OPTIONS request, the script exits with either access control headers sent, or a 403 response if the origin is not allowed. For other request methods, you will receive a return value.
No Hooks.
Return
String|false. Returns the origin URL if headers are sent. Returns false if headers are not sent.
Usage
send_origin_headers();
Changelog
| Since 3.4.0 | Introduced. |
send_origin_headers() send origin headers code WP 6.5.2
function send_origin_headers() {
$origin = get_http_origin();
if ( is_allowed_http_origin( $origin ) ) {
header( 'Access-Control-Allow-Origin: ' . $origin );
header( 'Access-Control-Allow-Credentials: true' );
if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
exit;
}
return $origin;
}
if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
status_header( 403 );
exit;
}
return false;
}