tushar-borole · March 23, 2017 16:26
diff --git a/wp-api-cors.php b/wp-api-cors.php
 <?php
 /**
 * Use * for origin
 */
 add_action( 'rest_api_init', function() {
    
 	remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
 	add_filter( 'rest_pre_serve_request', function( $value ) {
 		header( 'Access-Control-Allow-Origin: *' );
 		header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
 		header( 'Access-Control-Allow-Credentials: true' );

 		return $value;
 		
 	});
 }, 15 );


 /**
 * Only allow GET requests
 */
 add_action( 'rest_api_init', function() {
    
 	remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
 	add_filter( 'rest_pre_serve_request', function( $value ) {
 		$origin = get_http_origin();
 		if ( $origin ) {
 			header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) );
 		}
 		header( 'Access-Control-Allow-Origin: ' . esc_url_raw( site_url() ) );
 		header( 'Access-Control-Allow-Methods: GET' );

 		return $value;
 		
 	});
 }, 15 );


 /**
 * Only allow same origin
 */
 add_action( 'rest_api_init', function() {

 	remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
 	add_filter( 'rest_pre_serve_request', function( $value ) {
 		header( 'Access-Control-Allow-Origin: ' . esc_url_raw( site_url() ) );
 		header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
 		header( 'Access-Control-Allow-Credentials: true' );

 		return $value;
 		
 	});
 }, 15 );


 /**
 * Only from certain origins
 */
 add_action( 'rest_api_init', function() {

 	remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
 	add_filter( 'rest_pre_serve_request', function( $value ) {

 		$origin = get_http_origin();
 		if ( $origin && in_array( $origin, array(
 				//define some origins!
 			) ) ) {
 			header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) );
 			header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
 			header( 'Access-Control-Allow-Credentials: true' );
 		}

 		return $value;
 		
 	});
 }, 15 );
	<?php
	/**
	* Use * for origin
	*/
	add_action( 'rest_api_init', function() {

	remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
	add_filter( 'rest_pre_serve_request', function( $value ) {
	header( 'Access-Control-Allow-Origin: *' );
	header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
	header( 'Access-Control-Allow-Credentials: true' );

	return $value;

	});
	}, 15 );


	/**
	* Only allow GET requests
	*/
	add_action( 'rest_api_init', function() {

	remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
	add_filter( 'rest_pre_serve_request', function( $value ) {
	$origin = get_http_origin();
	if ( $origin ) {
	header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) );
	}
	header( 'Access-Control-Allow-Origin: ' . esc_url_raw( site_url() ) );
	header( 'Access-Control-Allow-Methods: GET' );

	return $value;

	});
	}, 15 );


	/**
	* Only allow same origin
	*/
	add_action( 'rest_api_init', function() {

	remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
	add_filter( 'rest_pre_serve_request', function( $value ) {
	header( 'Access-Control-Allow-Origin: ' . esc_url_raw( site_url() ) );
	header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
	header( 'Access-Control-Allow-Credentials: true' );

	return $value;

	});
	}, 15 );


	/**
	* Only from certain origins
	*/
	add_action( 'rest_api_init', function() {

	remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
	add_filter( 'rest_pre_serve_request', function( $value ) {

	$origin = get_http_origin();
	if ( $origin && in_array( $origin, array(
	//define some origins!
	) ) ) {
	header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) );
	header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
	header( 'Access-Control-Allow-Credentials: true' );
	}

	return $value;

	});
	}, 15 );