Jump to content

Podręcznik:$wgApiFrameOptions

From mediawiki.org
This page is a translated version of the page Manual:$wgApiFrameOptions and the translation is 25% complete.
Languages:
Bezpieczeństwo: $wgApiFrameOptions
Control framing of api pages.
Wprowadzono w wersji:1.20.0 (Gerrit change 20472; git #32b99b11)
Usunięto w wersji:nadal w użyciu
Dozwolone wartości:(ciąg znaków) lub false
Domyślna wartość:'DENY'
Inne ustawienia: Alfabetycznie | Według funkcji

Szczegóły

Disallow framing of API pages directly, by setting the X-Frame-Options header. Since the API returns CSRF tokens, allowing the results to be framed can compromise your user's account security.

Options are:

'DENY'
Do not allow framing. This is recommended for most wikis.
'SAMEORIGIN'
Allow framing by pages on the same domain. This can be used to allow framing within a trusted origin. This is insecure if there is a page on the same origin that allows framing of arbitrary URLs.
false
Allow all framing. This opens up the wiki to XSS attacks and thus full compromise of local user accounts. Private wikis behind a corporate firewall are especially vulnerable. This is not recommended.

Zobacz też

Retrieved from "https://www.mediawiki.org/w/index.php?title=Manual:$wgApiFrameOptions/pl&oldid=8152932"