Manual:$wgAllowAuthenticatedCrossOrigin

Category:MediaWiki configuration settings#AllowAuthenticatedCrossOriginCategory:MediaWiki configuration settings introduced in version 1.44.0#AllowAuthenticatedCrossOriginCategory:MediaWiki configuration settings removed in version 1.44.0#AllowAuthenticatedCrossOriginCategory:MediaWiki deprecated or obsolete features#AllowAuthenticatedCrossOriginCategory:Content Security Policy variables#AllowAuthenticatedCrossOrigin
Security: $wgAllowAuthenticatedCrossOrigin
Allow non-anonymous cross-origin requests to the Action API.
Introduced in version:1.44.0 (Gerrit change 926663; git #87f039b6)
Removed in version:1.44.0 (Gerrit change 1118584; git #06147f83)
Allowed values:(boolean)
Default value:true
Other settings: Alphabetical | By function
Warning Warning: EXPERIMENTAL!

Details

Allow non-anonymous cross-origin requests to the Action API. If true, certain session providers (such as OAuth, but not cookie-based sessions) may allow users to make cross-origin requests that are treated as logged in. Users must request this via crossorigin=1 in the URL, replacing origin=* (which allows logged-out cross-origin requests). This setting is currently experimental, and may be removed or enabled by default later.

Category:Content Security Policy variables Category:MediaWiki configuration settings Category:MediaWiki configuration settings introduced in version 1.44.0 Category:MediaWiki configuration settings removed in version 1.44.0 Category:MediaWiki deprecated or obsolete features