Question

send_origin_headers()

Send Access-Control-Allow-Origin and 相关函数 headers if the current request is from an allowed origin.

---

description

If the request is an OPTIONS request, the script exits with either access control headers sent, or a 403 response if the origin is not allowed. For other request methods, you will receive a return value.

---

返回值

(string|false) Returns the origin URL if headers are sent. Returns false if headers are not sent.

---

源代码

File: wp-includes/http.php

function send_origin_headers() {
	$origin = get_http_origin();

	if ( is_allowed_http_origin( $origin ) ) {
		@header( 'Access-Control-Allow-Origin: ' .  $origin );
		@header( 'Access-Control-Allow-Credentials: true' );
		if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] )
			exit;
		return $origin;
	}

	if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
		status_header( 403 );
		exit;
	}

	return false;
}

---

更新日志

Version	description
3.4.0	Introduced.

---

相关函数

Uses

• wp-includes/functions.php: status_header()
• wp-includes/http.php: is_allowed_http_origin()
• wp-includes/http.php: get_http_origin()

---

Used By

• wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::setup_theme()

---

User Contributed Notes