When you connect to this website, you send your IP address and sometimes some cookies. You may also give us personal identifying information, such as your name and contact information. All this data is used to securely provide you with the services that you request. We encourage you to review our privacy policy to make sure that you understand how your data is managed, and to contact us if you have any questions. View Privacy Policy

MediaWiki:Apihelp-main-param-origin

From NASPAWiki

You are viewing a condensed mobile version of this NASPA webpage.
Switch to full version.

When accessing the API using a cross-domain AJAX request (CORS), set this to the originating domain. This must be included in any pre-flight request, and therefore must be part of the request URI (not the POST body).

For authenticated requests, this must match one of the origins in the Origin header exactly, so it has to be set to something like https://en.wikipedia.org or https://meta.wikimedia.org. If this parameter does not match the Origin header, a 403 response will be returned. If this parameter matches the Origin header and the origin is whitelisted, the Access-Control-Allow-Origin and Access-Control-Allow-Credentials headers will be set.

For non-authenticated requests, specify the value *. This will cause the Access-Control-Allow-Origin header to be set, but Access-Control-Allow-Credentials will be false and all user-specific data will be restricted.