Manual:$wgRestAllowCrossOriginCookieAuth/ru
From Linux Web Expert
| <translate> Security</translate>: $wgRestAllowCrossOriginCookieAuth | |
|---|---|
| Allows authenticated cross-origin requests to the REST API with session cookies. |
|
| <translate> Introduced in version:</translate> | 1.36.0 (Gerrit change 621900; git #c36b3204) |
| <translate> Removed in version:</translate> | <translate> still in use</translate> |
| <translate> Allowed values:</translate> | (boolean) |
| <translate> Default value:</translate> | false |
| <translate> Other settings:</translate> <translate> Alphabetical</translate> | <translate> By function</translate> | |
Details
Allows authenticated cross-origin requests to the REST API with session cookies.
With this option enabled, any origin specified in $wgCrossSiteAJAXdomains may send session cookies for authorization in the REST API.
There is a performance impact by enabling this option. Therefore, it should be left disabled for most wikis and clients should instead use OAuth to make cross-origin authenticated requests.
