手册:$wgCrossSiteAJAXdomains
API: $wgCrossSiteAJAXdomains | |
---|---|
Domains that may make cross-site Ajax requests to the MediaWiki API. |
|
引进版本: | 1.16.0 (r54127) |
移除版本: | 仍在使用 |
允许的值: | (数组) |
默认值: | [] |
其他设置: 按首字母排序 | 按功能排序 |
详情
Allows Ajax requests from certain domains to make cross-site requests to a wiki's API (see Manual:CORS for example usage). This uses the Access-Control-Allow-Origin HTTP header. Note that some older browsers don't support this. This only affects requests to the API. Other entry points (index.php) are not affected.
The value must be a list of allowed domain names, which can include shell-style wildcards (?
to match any character, *
to match any number (including zero) of characters).
An empty array means no external access is allowed.
一些例子:
Allow any domain to access the API via Ajax (This is insecure):
$wgCrossSiteAJAXdomains = [
'*'
];
Allow two specific domains:
$wgCrossSiteAJAXdomains = [
'en.wikipedia.org',
'en.wikibooks.org'
];
Allow all subdomains of a domain (including "deep" subdomains such as en.m.wikipedia.org
):
$wgCrossSiteAJAXdomains = [
'*.wikipedia.org'
];
See gerrit:9624 for a usage example.
Until MediaWiki 1.34, there could be logs Non-whitelisted CORS request with session cookies
referring to the wiki itself, which could be fixed by adding the wiki’s server name in this parameter to avoid these logs.
This was fixed in MediaWiki 1.35 in T243908.