I think your method will work because if you make a POST (even with GET) request using Postman or Insomnia the API URL to check the WP version still works. It returns the required data to update WP.
But I would add more validations to avoid errors with another HTTP requests:
add_filter( 'http_request_args', 'stop_sending_wp_data', 10, 2 );
function stop_sending_wp_data( $parsed_args, $url ) {
$wp_url="api.wordpress.org/core/version-check/";
if ( false === strpos( $url, $wp_url ) ) {
return $parsed_args;
}
if ( ! isset( $parsed_args['headers'] ) || ! isset( $parsed_args['headers']['wp_install'] ) ) {
return $parsed_args;
}
$parsed_args['headers']['wp_install'] = 'https://example.com';
$parsed_args['headers']['wp_blog'] = 'https://example.com';
return $parsed_args;
}
Run your code only if $url
matches the API URL, the $wp_url
variable. So it will run for that very specific request and not every request.