Work in progress — This wiki is an active migration / mirror of Homestar Runner Wiki and is not finished yet. Account registration and public editing are turned off until the migration is further along. For status updates, see the migration thread on the forums.

MediaWiki:Apihelp-main-param-crossorigin

From HR Wiki Twice
Jump to navigationJump to search

When accessing the API using a cross-domain AJAX request (CORS) and using a session provider that is safe against cross-site request forgery (CSRF) attacks (such as OAuth), use this instead of origin=* to make the request authenticated (i.e., not logged out). This must be included in any pre-flight request, and therefore must be part of the request URL (not the POST body).

Note that most session providers, including standard cookie-based sessions, do not support authenticated CORS and cannot be used with this parameter.