Jump to navigation Jump to search
Other languages:
Bahasa Indonesia • ‎English • ‎français • ‎magyar • ‎polski • ‎中文 • ‎日本語
API: $wgCrossSiteAJAXdomains
Domains that may make cross-site Ajax requests to the MediaWiki API.
Introduced in version:1.16.0 (r54127)
Removed in version:still in use
Allowed values:(array)
Default value:[]


Allows Ajax requests from certain domains to make cross-site requests to a wiki's API (see Manual:CORS for example usage). This uses the Access-Control-Allow-Origin HTTP header. Note that some older browsers don't support this. This only affects requests to the API. Other entry points (index.php) are not affected.

The value must be a list of allowed domain names, which can include shell-style wildcards (? to match any character, * to match any number (including zero) of characters). An empty array means no external access is allowed.

Some examples:

Allow any domain to access the API via Ajax:

$wgCrossSiteAJAXdomains = array( '*' );

Allow two specific domains:

$wgCrossSiteAJAXdomains = array( '', '' );

Allow all subdomains of a domain (including "deep" subdomains such as

$wgCrossSiteAJAXdomains = array( '*' );

See gerrit:9624 for a usage example.

See also[edit]