send_origin_headers

Send Access-Control-Allow-Origin and related headers if the current request is from an allowed origin.

Description

(string|false) send_origin_headers(); 

If the request is an OPTIONS request, the script exits with either access control headers sent, or a 403 response if the origin is not allowed. For other request methods, you will receive a return value.

Returns (string|false)

Returns the origin URL if headers are sent. Returns false if headers are not sent.


Usage

  1. if ( !function_exists( 'send_origin_headers' ) ) { 
  2. require_once ABSPATH . WPINC . '/http.php'; 
  3.  
  4.  
  5. // NOTICE! Understand what this does before running. 
  6. $result = send_origin_headers(); 
  7.  

Defined (1)

The function is defined in the following location(s).

/wp-includes/http.php  
  1. function send_origin_headers() { 
  2. $origin = get_http_origin(); 
  3.  
  4. if ( is_allowed_http_origin( $origin ) ) { 
  5. @header( 'Access-Control-Allow-Origin: ' . $origin ); 
  6. @header( 'Access-Control-Allow-Credentials: true' ); 
  7. if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) 
  8. exit; 
  9. return $origin; 
  10.  
  11. if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) { 
  12. status_header( 403 ); 
  13. exit; 
  14.  
  15. return false;