Manual:Hooks/RequestHasSameOriginSecurity

RequestHasSameOriginSecurity
Available from version 1.27.0
Called to determine if the request is somehow flagged to lack same-origin security.
Define function:
public static function onRequestHasSameOriginSecurity( WebRequest $request ) { ... }
Attach hook: In extension.json:
{
	"Hooks": {
		"RequestHasSameOriginSecurity": "MediaWiki\\Extension\\MyExtension\\Hooks::onRequestHasSameOriginSecurity"
	}
}
Called from: File(s): api/ApiMain.php
Function(s): lacksSameOriginSecurity
Interface: RequestHasSameOriginSecurityHook.php

For more information about attaching hooks, see Manual:Hooks .
For examples of extensions using this hook, see Category:RequestHasSameOriginSecurity extensions.


Return false to indicate that the same-origin security is somehow lacked. Note if the "somehow" involves HTTP headers, you'll probably need to make sure the header is varied on.

This hook was added in a security patch and thus not available on Gerrit. It was added in https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/9ec1ef7308acc0366e92f8e6af10ce3cb22b5065%5E%21/.

Details edit

  • $request: The WebRequest object.