Translations:Manual:$wgRestAllowCrossOriginCookieAuth/5/en

With this option enabled, any origin specified in $1 may send session cookies for authorization in the REST API.