Manual:$wgRestAllowCrossOriginCookieAuth/ru
| Безопасность: $wgRestAllowCrossOriginCookieAuth | |
|---|---|
| Allows authenticated cross-origin requests to the REST API with session cookies. |
|
| Введено в версии: | 1.36.0 (Gerrit change 621900; git #c36b3204) |
| Удалено в версии: | всё ещё используется |
| Допустимые значения: | (boolean) |
| Значение по умолчанию: | false |
| Другие настройки: По алфавиту | По функциональности | |
Details
Allows authenticated cross-origin requests to the REST API with session cookies.
With this option enabled, any origin specified in $wgCrossSiteAJAXdomains may send session cookies for authorization in the REST API.
"authenticated" means authentication methods where the browser would automatically add authentication information to these requests (such as cookies or HTTP Basic Authentication). The more accurate term would be credentialed. Custom authentication mechanisms such as OAuth are not affected by this setting.
There is a performance impact by enabling this option. Therefore, it should be left disabled for most wikis and clients should instead use OAuth to make cross-origin authenticated requests.