Manual:$wgAllowCrossOrigin/de-formal

Details
Allow anonymous cross origin requests.

This should be disabled for intranet sites (sites behind a firewall).