Manual:$wgAllowCrossOrigin

Security: $wgAllowCrossOrigin
Allow anonymous cross origin requests.
Introduced in version:1.36.0 (Gerrit change 608190; git #ab06b056)
Removed in version:still in use
Allowed values:(boolean)
Default value:false

Details edit

Allow anonymous cross origin requests.

This should be disabled for intranet sites (sites behind a firewall).