Thijs/wiki.techinc.nl

Fork 0

Commit graph

Author	SHA1	Message	Date
David Barratt	c36b320454	Handle CORS preflight request and prevent anon users from unsafe methods Creates an OPTIONS handler that handles any OPTIONS requests that are not already handled by a handler. CORS has no mechanism to ensure the user is authenticated, so the Router will reject cross-origin requests from anon users. This change allows authenticated users to make cross-origin requests if they authenticate with OAuth or if $wgRestAllowCrossOriginCookieAuth is enabled. Bug: T232176 Bug: T262712 Change-Id: I128b4bdbec4f6bea35142153c951fd7b79617106	2020-09-21 19:29:40 -04:00

Author

SHA1

Message

Date

David Barratt

c36b320454

Handle CORS preflight request and prevent anon users from unsafe methods

Creates an OPTIONS handler that handles any OPTIONS requests that are
not already handled by a handler. CORS has no mechanism to ensure the
user is authenticated, so the Router will reject cross-origin requests
from anon users.

This change allows authenticated users to make cross-origin
requests if they authenticate with OAuth or if
$wgRestAllowCrossOriginCookieAuth is enabled.

Bug: T232176
Bug: T262712
Change-Id: I128b4bdbec4f6bea35142153c951fd7b79617106

2020-09-21 19:29:40 -04:00

1 commit