15 public const CONSTRUCTOR_OPTIONS = [
17 'RestAllowCrossOriginCookieAuth',
19 'CrossSiteAJAXdomains',
20 'CrossSiteAJAXdomainExceptions',
62 && !$this->user->isRegistered()
67 return 'rest-cross-origin-anon-write';
79 $allowed = array_merge( [ $this->
getCanonicalDomain() ], $this->options->get(
'CrossSiteAJAXdomains' ) );
80 $excluded = $this->options->get(
'CrossSiteAJAXdomainExceptions' );
82 return $origin->
match( $allowed, $excluded );
91 ] =
wfParseUrl( $this->options->get(
'CanonicalServer' ) );
107 if ( !$this->options->get(
'AllowCrossOrigin' ) ) {
111 $allowedOrigin =
'*';
113 if ( $this->options->get(
'RestAllowCrossOriginCookieAuth' ) ) {
122 $response->
addHeader(
'Vary',
'Origin' );
131 if ( $request->
getMethod() ===
'OPTIONS' || $this->user->isRegistered() ) {
132 $allowedOrigin = $origin->getSingleOrigin();
146 if ( $allowedOrigin !==
'*' ) {
147 $response->
setHeader(
'Access-Control-Allow-Credentials',
'true' );
150 $response->
setHeader(
'Access-Control-Allow-Origin', $allowedOrigin );
162 $response = $this->responseFactory->createNoContent();
165 $response->
setHeader(
'Access-Control-Allow-Headers', [
173 $response->setHeader(
'Access-Control-Allow-Methods', $allowedMethods );
wfParseUrl( $url ): a parse_url() work-alike, but non-broken.