Manual:$wgAllowCrossOrigin/fr

Détails
Allow anonymous cross origin requests.

This should be disabled for intranet sites (sites behind a firewall).