Manual:$wgRestAllowCrossOriginCookieAuth

From Linux Web Expert

Security: $wgRestAllowCrossOriginCookieAuth
Allows authenticated cross-origin requests to the REST API with session cookies.
Introduced in version: 1.36.0 (Gerrit change 621900; git #c36b3204)
Removed in version: still in use
Allowed values: (boolean)
Default value: false

Details

Allows authenticated cross-origin requests to the REST API with session cookies.

With this option enabled, any origin specified in $wgCrossSiteAJAXdomains may send session cookies for authorization in the REST API.

Enabling this option has a performance impact. It should therefore be left disabled for most wikis, and clients should instead use OAuth to make cross-origin authenticated requests.
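
The following LocalSettings.php fragment is an added example, not part of the original manual page. It shows how the two settings combine: the origin list in $wgCrossSiteAJAXdomains decides who may use cookie authentication once the option is on. The host names are constructed placeholders.

```php
<?php
// LocalSettings.php fragment (added example; host names are constructed placeholders).

// Broad pattern, shown commented out for comparison: with cookie auth enabled,
// every origin matching the wildcard may send session cookies to the REST API.
// $wgCrossSiteAJAXdomains = [ '*.example.org' ];

// Narrow list: only the single front end that needs authenticated
// cross-origin REST access is named explicitly.
$wgCrossSiteAJAXdomains = [ 'app.example.org' ];

// Default is false. Enable only when the listed origins cannot use OAuth.
$wgRestAllowCrossOriginCookieAuth = true;
```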

See also