Manual:Hooks/RequestHasSameOriginSecurity
| RequestHasSameOriginSecurity | |
|---|---|
| Available from version 1.27.0 Called to determine if the request is somehow flagged to lack same-origin security. | |
| Define function: | public static function onRequestHasSameOriginSecurity( WebRequest $request ) { ... }
|
| Attach hook: | In extension.json:
{
"Hooks": {
"RequestHasSameOriginSecurity": "MediaWiki\\Extension\\MyExtension\\Hooks::onRequestHasSameOriginSecurity"
}
}
|
| Called from: | File(s): api/ApiMain.php Function(s): lacksSameOriginSecurity |
| Interface: | RequestHasSameOriginSecurityHook.php |
For more information about attaching hooks, see Manual:Hooks.
For examples of extensions using this hook, see Category:RequestHasSameOriginSecurity extensions.
Return false to indicate that the same-origin security is somehow lacked. Note if the "somehow" involves HTTP headers, you'll probably need to make sure the header is varied on.
This hook was added in a security patch and thus not available on Gerrit. It was added in https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/9ec1ef7308acc0366e92f8e6af10ce3cb22b5065%5E%21/.
Details
edit$request: The WebRequest object.