Available from version 1.27.0
Called to determine if the request is somehow flagged to lack same-origin security.
Define function:
public static function onRequestHasSameOriginSecurity( WebRequest $request ) { ... }
Attach hook: In extension.json:
	"Hooks": {
		"RequestHasSameOriginSecurity": "MyExtensionHooks::onRequestHasSameOriginSecurity"
Called from: File(s): api/ApiMain.php
Function(s): lacksSameOriginSecurity
Interface: RequestHasSameOriginSecurityHook.php

For more information about attaching hooks, see Manual:Hooks .
For examples of extensions using this hook, see Category:RequestHasSameOriginSecurity extensions.

Return false to indicate that the same-origin security is somehow lacked. Note if the "somehow" involves HTTP headers, you'll probably need to make sure the header is varied on.

This hook was added in a security patch and thus not available on Gerrit. It was added in


  • $request: The WebRequest object.