MediaWiki:Apihelp-main-param-origin

From Max-EuP 2012

When accessing the API using a cross-domain AJAX request (CORS), set this to the originating domain. This must be included in any pre-flight request, and therefore must be part of the request URI (not the POST body).

For authenticated requests, this must match one of the origins in the Origin header exactly, so it has to be set to something like https://en.wikipedia.org or https://meta.wikimedia.org. If this parameter does not match the Origin header, a 403 response will be returned. If this parameter matches the Origin header and the origin is allowed, the Access-Control-Allow-Origin and Access-Control-Allow-Credentials headers will be set.

For non-authenticated requests, specify the value *. This will cause the Access-Control-Allow-Origin header to be set, but Access-Control-Allow-Credentials will be false and all user-specific data will be restricted.

Retrieved from MediaWiki:Apihelp-main-param-origin – Max-EuP 2012 on 06. December 2025.

Terms of Use

The Max Planck Encyclopedia of European Private Law, published as a print work in 2012, has been made freely available in 2021 as an online edition at <max-eup2012.mpipriv.de>.

The materials published here are subject to exclusive rights of use as held by the Max Planck Institute for Comparative and International Private Law and the publisher Oxford University Press; they may only be used for non-commercial purposes. Users may download, print, and make copies of the text files being made freely available to the public. Further, users may translate excerpts of the entries and cite them in the context of academic work, provided that the following requirements are met:

  • Use for non-commercial purposes
  • The textual integrity of each entry and its elements is maintained
  • Citation of the online reference according to academic standards, indicating the author, keyword title, work name, and date of retrieval (see Suggested Citation Style).