Manual:$wgAllowAuthenticatedCrossOrigin
 | This feature was removed from MediaWiki core in version 1.44.0.
Please see $wgCrossSiteAJAXdomains for an alternative way to use this feature. |
| Security: $wgAllowAuthenticatedCrossOrigin | |
|---|---|
| Allow non-anonymous cross-origin requests to the Action API. |
|
| Introduced in version: | 1.44.0 (Gerrit change 926663; git #87f039b6) |
| Removed in version: | 1.44.0 (Gerrit change 1118584; git #06147f83) |
| Allowed values: | (boolean) |
| Default value: | true |
| Other settings: Alphabetical | By function | |
 Warning: | EXPERIMENTAL! |
Details
[edit]Allow non-anonymous cross-origin requests to the Action API.
If true, certain session providers (such as OAuth, but not cookie-based sessions) may allow users to make cross-origin requests that are treated as logged in.
Users must request this via crossorigin=1 in the URL, replacing origin=* (which allows logged-out cross-origin requests).
This setting is currently experimental, and may be removed or enabled by default later.