send_origin_headers

The timeline below displays how wordpress function send_origin_headers has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 5.3

/**
 * Send Access-Control-Allow-Origin and related headers if the current request
 * is from an allowed origin.
 *
 * If the request is an OPTIONS request, the script exits with either access
 * control headers sent, or a 403 response if the origin is not allowed. For
 * other request methods, you will receive a return value.
 *
 * @since 3.4.0
 *
 * @return string|false Returns the origin URL if headers are sent. Returns false
 *                      if headers are not sent.
 */
function send_origin_headers()
{
    $origin = get_http_origin();
    if (is_allowed_http_origin($origin)) {
        header('Access-Control-Allow-Origin: ' . $origin);
        header('Access-Control-Allow-Credentials: true');
        if ('OPTIONS' === $_SERVER['REQUEST_METHOD']) {
            exit;
        }
        return $origin;
    }
    if ('OPTIONS' === $_SERVER['REQUEST_METHOD']) {
        status_header(403);
        exit;
    }
    return false;
}

WordPress Version: 4.3

/**
 * Send Access-Control-Allow-Origin and related headers if the current request
 * is from an allowed origin.
 *
 * If the request is an OPTIONS request, the script exits with either access
 * control headers sent, or a 403 response if the origin is not allowed. For
 * other request methods, you will receive a return value.
 *
 * @since 3.4.0
 *
 * @return string|false Returns the origin URL if headers are sent. Returns false
 *                      if headers are not sent.
 */
function send_origin_headers()
{
    $origin = get_http_origin();
    if (is_allowed_http_origin($origin)) {
        @header('Access-Control-Allow-Origin: ' . $origin);
        @header('Access-Control-Allow-Credentials: true');
        if ('OPTIONS' === $_SERVER['REQUEST_METHOD']) {
            exit;
        }
        return $origin;
    }
    if ('OPTIONS' === $_SERVER['REQUEST_METHOD']) {
        status_header(403);
        exit;
    }
    return false;
}

WordPress Version: 3.7

/**
 * Send Access-Control-Allow-Origin and related headers if the current request
 * is from an allowed origin.
 *
 * If the request is an OPTIONS request, the script exits with either access
 * control headers sent, or a 403 response if the origin is not allowed. For
 * other request methods, you will receive a return value.
 *
 * @since 3.4.0
 *
 * @return bool|string Returns the origin URL if headers are sent. Returns false
 * if headers are not sent.
 */
function send_origin_headers()
{
    $origin = get_http_origin();
    if (is_allowed_http_origin($origin)) {
        @header('Access-Control-Allow-Origin: ' . $origin);
        @header('Access-Control-Allow-Credentials: true');
        if ('OPTIONS' === $_SERVER['REQUEST_METHOD']) {
            exit;
        }
        return $origin;
    }
    if ('OPTIONS' === $_SERVER['REQUEST_METHOD']) {
        status_header(403);
        exit;
    }
    return false;
}