wfDebug( "API: stripping user credentials when the same-origin policy is not applied\n" );
$wgUser = new User();
$this->getContext()->setUser( $wgUser );
+ $request->response()->header( 'MediaWiki-Login-Suppressed: true' );
}
}
if ( !$preflight ) {
$response->header(
- 'Access-Control-Expose-Headers: MediaWiki-API-Error, Retry-After, X-Database-Lag'
+ 'Access-Control-Expose-Headers: MediaWiki-API-Error, Retry-After, X-Database-Lag, '
+ . 'MediaWiki-Login-Suppressed'
);
}
}