WordPress plugin to limit the Access-Control-Allow-Origin header to only allowed origins.
Access-Control-Allow-Origin for REST API access to only allowed origins by
is_allowed_http_origin(). By default this includes the home and site URLs.
If you're using Composer to manage dependencies, you can use the following command to add the plugin to your site:
composer require wearerequired/rest-api-same-origin