Filter: wpd_ai_event_tracking_prevent_foreign_referrals

When true, the event tracking REST endpoint returns 403 Forbidden for requests whose referer is from a different domain.

Description

Alpha Insights validates that the request referer matches the site in some cases. If you want to block all events that come from a different host (e.g. to prevent cross-site event injection), return true from this filter. When the referer is considered "foreign," the API responds with a 403 and message "Forbidden request." (code invalid_referer). Default is false.

Location

File: includes/classes/WPDAI_Woocommerce_Event_Tracking.php

Context: REST request validation when the referer host does not match the site host.

Parameters

Parameter	Type	Description
(none)	—	No parameters passed. Return true to block foreign referers; false to allow.

Return

Type: bool

True to block the request (403); false to allow it (default).

Example Usage

Block events from other domains

add_filter( 'wpd_ai_event_tracking_prevent_foreign_referrals', '__return_true' );

Block only in production

add_filter( 'wpd_ai_event_tracking_prevent_foreign_referrals', 'block_foreign_referers_in_production' );
function block_foreign_referers_in_production() {
    return wp_get_environment_type() === 'production';
}

Related Filters

wpd_ai_event_data_before_insertion – Modify event data before insert
wpd_ai_event_tracking_block_request_by_data – Block by payload data
wpd_ai_event_tracking_enable_logging – Event tracking logging