Manual:$wgRestAllowCrossOriginCookieAuth

From mediawiki.org
Jump to navigation Jump to search
Other languages:
English • ‎русский • ‎العربية • ‎日本語
Miscellaneous settings: $wgRestAllowCrossOriginCookieAuth
Allows authenticated cross-origin requests to the REST API with session cookies.
Introduced in version:1.36.0 (Gerrit change 621900; git #c36b3204)
Removed in version:still in use
Allowed values:(boolean)
Default value:false

Details[edit]

Allows authenticated cross-origin requests to the REST API with session cookies.

With this option enabled, any origin specified in $wgCrossSiteAJAXdomains may send session cookies for authorization in the REST API.

There is a performance impact by enabling this option. Therefore, it should be left disabled for most wikis and clients should instead use OAuth to make cross-origin authenticated requests.

See also[edit]