Handbuch:$wgRestAllowCrossOriginCookieAuth

This page is a translated version of the page Manual:$wgRestAllowCrossOriginCookieAuth and the translation is 36% complete.

Sicherheit: $wgRestAllowCrossOriginCookieAuth
Allows authenticated cross-origin requests to the REST API with session cookies.
Eingeführt in Version:	1.36.0 (Gerrit change 621900; git #c36b3204)
Entfernt in Version:	Weiterhin vorhanden
Erlaubte Werte:	(Wahrheitswert)
Standardwert:	`false`
Andere Einstellungen: Alphabetisch \| Nach Funktion

Details

Allows authenticated cross-origin requests to the REST API with session cookies.

With this option enabled, any origin specified in $wgCrossSiteAJAXdomains may send session cookies for authorization in the REST API.

"authenticated" means authentication methods where the browser would automatically add authentication information to these requests (such as cookies or HTTP Basic Authentication). The more accurate term would be credentialed. Custom authentication mechanisms such as OAuth are not affected by this setting.

There is a performance impact by enabling this option. Therefore, it should be left disabled for most wikis and clients should instead use OAuth to make cross-origin authenticated requests.

Siehe auch

https://developer.mozilla.org/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials