Filter: wpd_ai_event_tracking_prevent_foreign_referrals
When true, the event tracking REST endpoint returns 403 Forbidden for requests whose referer is from a different domain.
Description
Alpha Insights validates that the request referer matches the site in some cases. If you want to block all events that come from a different host (e.g. to prevent cross-site event injection), return true from this filter. When the referer is considered “foreign,” the API responds with a 403 and message “Forbidden request.” (code invalid_referer). Default is false.
Location
File: includes/classes/WPDAI_Woocommerce_Event_Tracking.php
Context: REST request validation when the referer host does not match the site host.
Parameters
| Parameter | Type | Description |
|---|---|---|
| (none) | — | No parameters passed. Return true to block foreign referers; false to allow. |
Return
Type: bool
True to block the request (403); false to allow it (default).
Example Usage
Block events from other domains
add_filter( 'wpd_ai_event_tracking_prevent_foreign_referrals', '__return_true' );Block only in production
add_filter( 'wpd_ai_event_tracking_prevent_foreign_referrals', 'block_foreign_referers_in_production' );
function block_foreign_referers_in_production() {
return wp_get_environment_type() === 'production';
}Related Filters
- wpd_ai_event_data_before_insertion – Modify event data before insert
- wpd_ai_event_tracking_block_request_by_data – Block by payload data
- wpd_ai_event_tracking_enable_logging – Event tracking logging
