Is there a way to enable Cross-Origin Resource Sharing for WordPress' ajaxurl?

WordPress already has a default URL for jQuery-WordPress application calls and it’s well known as the ajaxurl. However, there are cases wherein one would need to enable Cross-Origin Resource Sharing (CORS) on it such that any hostname will be able to access using it.

My current solutions is by adding a line in /wp-includes/http.php with:

@header( 'Access-Control-Allow-Origin: *' );

Such that it will be:

http.php

...
function send_origin_headers() {
    $origin = get_http_origin();

    @header( 'Access-Control-Allow-Origin: *' );
    if ( is_allowed_http_origin( $origin ) ) {
        @header( 'Access-Control-Allow-Origin: ' .  $origin );
        @header( 'Access-Control-Allow-Credentials: true' );
        if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] )
            exit;
        return $origin;
    }

    if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
        status_header( 403 );
        exit;
    }

    return false;
}
...

It works but editing the WordPress core is not a good solution.

Is there a better way to enable CORS for the ajaxurl?

Solutions Collecting From Web of "Is there a way to enable Cross-Origin Resource Sharing for WordPress' ajaxurl?"

Milo is correct.

For instance, go to your theme’s functions.php file, and add the following:

add_filter( 'allowed_http_origins', 'add_allowed_origins' );
function add_allowed_origins( $origins ) {
    $origins[] = 'https://site1.example.com';
    $origins[] = 'https://site2.example.com';
    return $origins;
}

Now an ajax call from https://site1.example.com to your site’s ajax url will have the appropriate Access-Control-Allow-Origin header in the response. eg.

$.ajax({
    url: 'https://site1.example.com/wp-admin/admin-ajax.php',
    type: "POST",
    data: {
        ...
    },
    success: function(doc) {
        ...
    }
});

You can achieve it by the following code.

Open you header.php

find the following text in that file

< !DOCTYPE html>

and replace it with the following.

<?php /** @package WordPress @subpackage Default_Theme  **/
header("Access-Control-Allow-Origin: *"); 
?>
<! DOCTYPE html>
...

Now u can find Access-Control-Allow-Origin: * in your header.

Hope this helps..!Cheers.