Manual:$wgAllowedCorsHeaders

From Linux Web Expert

API: $wgAllowedCorsHeaders
List of allowed headers for cross-origin API requests.
Introduced in version: 1.35.0 (Gerrit change 585491; git #0ed077d3)
Removed in version: still in use
Allowed values: (array)
Default value: (see below)

Used in the Access-Control-Allow-Headers response header for cross-origin requests coming from a domain that is allowed via $wgCrossSiteAJAXdomains.

Default value

MediaWiki version: ≥ 1.40 (latest stable version: 1.41; Gerrit change 921154)

This was backported to MediaWiki 1.35.11, 1.38.7 and 1.39.4.

$wgAllowedCorsHeaders = [
	/* simple headers (see spec) */
	'Accept',
	'Accept-Language',
	'Content-Language',
	'Content-Type',
	/* non-authorable headers in XHR, which are however requested by some UAs */
	'Accept-Encoding',
	'DNT',
	'Origin',
	/* MediaWiki whitelist */
	'User-Agent',
	'Api-User-Agent',
	/* Allowing caching preflight requests, see T269636 */
	'Access-Control-Max-Age',
	/* OAuth 2.0, see T322944 */
	'Authorization',
];

MediaWiki versions: 1.36 – 1.39 (MediaWiki 1.39 is a legacy version; Gerrit change 646768)

This was backported to MediaWiki 1.35.11.

$wgAllowedCorsHeaders = [
	/* simple headers (see spec) */
	'Accept',
	'Accept-Language',
	'Content-Language',
	'Content-Type',
	/* non-authorable headers in XHR, which are however requested by some UAs */
	'Accept-Encoding',
	'DNT',
	'Origin',
	/* MediaWiki whitelist */
	'User-Agent',
	'Api-User-Agent',
	/* Allowing caching preflight requests, see T269636 */
	'Access-Control-Max-Age',
];

MediaWiki version: 1.35 (MediaWiki 1.35 is an unsupported version)

$wgAllowedCorsHeaders = [
	/* simple headers (see spec) */
	'Accept',
	'Accept-Language',
	'Content-Language',
	'Content-Type',
	/* non-authorable headers in XHR, which are however requested by some UAs */
	'Accept-Encoding',
	'DNT',
	'Origin',
	/* MediaWiki whitelist */
	'User-Agent',
	'Api-User-Agent',
];
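
An added example (not part of the MediaWiki manual or code base) that checks a preflight's Access-Control-Request-Headers value against each default list shown on this page, to see which request headers a cross-origin client may send per version. It assumes the requesting origin already matches $wgCrossSiteAJAXdomains and that header names are compared case-insensitively; `checkPreflight`, `auditDefaults` and the sample value are hypothetical names and constructed data.

```javascript
// Default lists copied from this page, keyed by the version ranges it gives
// (releases without the backports mentioned above).
const BASE_1_35 = [
  'Accept', 'Accept-Language', 'Content-Language', 'Content-Type',
  'Accept-Encoding', 'DNT', 'Origin', 'User-Agent', 'Api-User-Agent',
];
const DEFAULTS = {
  '1.35': BASE_1_35,
  '1.36-1.39': [...BASE_1_35, 'Access-Control-Max-Age'],
  '>=1.40': [...BASE_1_35, 'Access-Control-Max-Age', 'Authorization'],
};

// Split an Access-Control-Request-Headers value into lowercase header names.
function parseHeaderList(value) {
  return value
    .split(',')
    .map((name) => name.trim().toLowerCase())
    .filter((name) => name !== '');
}

// Hypothetical helper: report which requested headers the configured
// list does not cover. HTTP header names are case-insensitive.
function checkPreflight(allowedHeaders, requestHeadersValue) {
  const allowed = new Set(allowedHeaders.map((name) => name.toLowerCase()));
  const rejected = parseHeaderList(requestHeadersValue)
    .filter((name) => !allowed.has(name));
  return { ok: rejected.length === 0, rejected };
}

// Run the same preflight value against every default list on the page.
function auditDefaults(requestHeadersValue) {
  const result = {};
  for (const [version, list] of Object.entries(DEFAULTS)) {
    result[version] = checkPreflight(list, requestHeadersValue);
  }
  return result;
}

// Constructed sample: an OAuth 2.0 client sending a bearer token
// together with the Api-User-Agent header.
const SAMPLE = 'authorization, Api-User-Agent';

console.log(auditDefaults(SAMPLE));
```

Under these assumptions the sample is covered only by the ≥ 1.40 list; with the older defaults, 'Authorization' would have to be appended to $wgAllowedCorsHeaders in the wiki's configuration.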