Translations:API:Cross-site requests/14/en

Unauthenticated CORS requests may be made from any origin by setting the "origin" request parameter to "*". In this case MediaWiki will include the $code2 header in the response and will process the request as if logged out (in case credentials are somehow sent anyway).