Manual:$wgCrossSiteAJAXdomains/fr

From MediaWiki.org
Jump to navigation Jump to search
This page is a translated version of the page Manual:$wgCrossSiteAJAXdomains and the translation is 0% complete.
Other languages:
English • ‎français • ‎magyar • ‎polski • ‎中文 • ‎日本語
API: $wgCrossSiteAJAXdomains
Domains that may make cross-site Ajax requests to the MediaWiki API.
Introduit dans la version :1.16.0 (r54127)
Retiré dans la version :Encore utilisé
Valeurs autorisées :(array)
Valeur par défaut :[]

Details

Allows Ajax requests from certain domains to make cross-site requests to a wiki's API (see Manuel:CORS/fr for example usage). This uses the Access-Control-Allow-Origin HTTP header. Note that some older browsers don't support this. This only affects requests to the API. Other entry points (index.php) are not affected.

The value must be a list of allowed domain names, which can include shell-style wildcards (? to match any character, * to match any number (including zero) of characters). An empty array means no external access is allowed.

Some examples:

Allow any domain to access the API via Ajax (This is insecure):

$wgCrossSiteAJAXdomains = [
    '*'
];

Allow two specific domains:

$wgCrossSiteAJAXdomains = [
    'en.wikipedia.org',
    'en.wikibooks.org'
];

Allow all subdomains of a domain (including "deep" subdomains such as en.m.wikipedia.org):

$wgCrossSiteAJAXdomains = [
    '*.wikipedia.org'
];

See gerrit:9624 for a usage example.

Avertissement Avertissement : Any site listed in this config setting can take actions on behalf of your logged in users if they visit that site. Only include sites that you trust in this variable

See also