Manual:Hooks/RequestHasSameOriginSecurity

From MediaWiki.org
Jump to navigation Jump to search
RequestHasSameOriginSecurity
Available from version 1.27.0
Called to determine if the request is somehow flagged to lack same-origin security.
Define function:
public static function onRequestHasSameOriginSecurity( WebRequest $request ) { ... }
Attach hook:

In extension.json:

{
	"Hooks": {
		"RequestHasSameOriginSecurity": "MyExtensionHooks::onRequestHasSameOriginSecurity"
	}
}

For MediaWiki ≤1.25:

$wgHooks['RequestHasSameOriginSecurity'][] = 'MyExtensionHooks::onRequestHasSameOriginSecurity';
Called from:File(s): api/ApiMain.php
Function(s): lacksSameOriginSecurity

For more information about attaching hooks, see Manual:Hooks.
For examples of extensions using this hook, see Category:RequestHasSameOriginSecurity extensions.

Return false to indicate that the same-origin security is somehow lacked. Note if the "somehow" involves HTTP headers, you'll probably need to make sure the header is varied on.

This hook was added in a security patch and thus not available on Gerrit. It was added in https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/9ec1ef7308acc0366e92f8e6af10ce3cb22b5065%5E%21/.

Details[edit]

  • $request: The WebRequest object.