© 2015 X2Engine Inc.
MediaWiki:Apihelp-main-param-origin
When accessing the API using a cross-domain AJAX request (CORS), set this to the originating domain. This must be included in any pre-flight request, and therefore must be part of the request URI[[wikipedia:Uniform Resource Identifier]]: The part of a URL that identifies the resource on the server to be accessed. In the context of the API, this refers to the relative path within the web server based in the web root of X2Engine, i.e. ''index.php/api2/Contacts/324.json'' as opposed to the full URL, which begins with the protocol (i.e. "http") and might also contain a path relative to the web site's document root (not the POST body).
For authenticated requests, this must match one of the origins in the Origin
header exactly, so it has to be set to something like https://en.wikipedia.org or https://meta.wikimedia.org. If this parameter does not match the Origin
header, a 403 response will be returned. If this parameter matches the Origin
header and the origin is whitelisted, the Access-Control-Allow-Origin
and Access-Control-Allow-Credentials
headers will be set.
For non-authenticated requests, specify the value *. This will cause the Access-Control-Allow-Origin
header to be set, but Access-Control-Allow-Credentials
will be false
and all user-specific data will be restricted.