send_origin_headers()

Send Access-Control-Allow-Origin and related headers if the current request is from an allowed origin.

Contents

Description Description

If the request is an OPTIONS request, the script exits with either access control headers sent, or a 403 response if the origin is not allowed. For other request methods, you will receive a return value.

Return Return

(string|false) Returns the origin URL if headers are sent. Returns false if headers are not sent.

Top ↑

Source Source

File: wp-includes/http.php 

function send_origin_headers() {
	$origin = get_http_origin();

	if ( is_allowed_http_origin( $origin ) ) {
		header( 'Access-Control-Allow-Origin: ' . $origin );
		header( 'Access-Control-Allow-Credentials: true' );
		if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
			exit;
		}
		return $origin;
	}

	if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
		status_header( 403 );
		exit;
	}

	return false;
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
3.4.0 Introduced.

Top ↑

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.