X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=resources%2Fsrc%2Fmediawiki.ForeignApi.core.js;h=83ea0ce003b4897cd66c645ccdffa65da692ca57;hp=1a3cdd5a3f4451c0c336844690857d62d3e4c5d7;hb=e19e6bfabcaf2b6aa5dd837ff7057bd6a25baef8;hpb=ba88625a64173d6597019f98a616dec0979795f7 diff --git a/resources/src/mediawiki.ForeignApi.core.js b/resources/src/mediawiki.ForeignApi.core.js index 1a3cdd5a3f..83ea0ce003 100644 --- a/resources/src/mediawiki.ForeignApi.core.js +++ b/resources/src/mediawiki.ForeignApi.core.js @@ -1,4 +1,4 @@ -( function ( mw, $ ) { +( function () { /** * Create an object like mw.Api, but automatically handling everything required to communicate @@ -59,7 +59,6 @@ } }, parameters: { - // Add 'origin' query parameter to all requests. origin: this.getOrigin() } }, @@ -77,17 +76,26 @@ * any). * * @protected - * @return {string} + * @return {string|undefined} */ CoreForeignApi.prototype.getOrigin = function () { - var origin; + var origin, apiUri, apiOrigin; if ( this.anonymous ) { return '*'; } + origin = location.protocol + '//' + location.hostname; if ( location.port ) { origin += ':' + location.port; } + + apiUri = new mw.Uri( this.apiUrl ); + apiOrigin = apiUri.protocol + '://' + apiUri.getAuthority(); + if ( origin === apiOrigin ) { + // requests are not cross-origin, omit parameter + return undefined; + } + return origin; }; 
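Review bot: In getOrigin(), `apiOrigin` is built from `apiUri.getAuthority()`, which in mw.Uri also carries any user-info part of the URL, while `origin` is built from `location.hostname` and `location.port` only; an origin never contains user info, so `apiOrigin = apiUri.protocol + '://' + apiUri.getHostPort();` would compare like with like. The check is a plain string comparison, so an `apiUrl` written with an explicit default port or different host casing would presumably be classified as cross-origin; that fails toward the pre-change behaviour (the parameter is still sent) rather than toward dropping it on a genuinely cross-origin request, which is worth stating in a comment. The docblock now declares `{string|undefined}` without saying when; I would extend the `@return` line to say that `undefined` is returned when the API URL has the same origin as the current page, in which case no origin parameter is sent. The docblock starts above the hunk.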
@@ -101,10 +109,12 @@ if ( ajaxOptions.type === 'POST' ) { url = ( ajaxOptions && ajaxOptions.url ) || this.defaults.ajax.url; origin = ( parameters && parameters.origin ) || this.defaults.parameters.origin; - url += ( url.indexOf( '?' ) !== -1 ? '&' : '?' ) + - // Depending on server configuration, MediaWiki may forbid periods in URLs, due to an IE 6 - // XSS bug. So let's escape them here. See WebRequest::checkUrlExtension() and T30235. - 'origin=' + encodeURIComponent( origin ).replace( /\./g, '%2E' ); + if ( origin !== undefined ) { + url += ( url.indexOf( '?' ) !== -1 ? '&' : '?' ) + + // Depending on server configuration, MediaWiki may forbid periods in URLs, due to an IE 6 + // XSS bug. So let's escape them here. See WebRequest::checkUrlExtension() and T30235. + 'origin=' + encodeURIComponent( origin ).replace( /\./g, '%2E' ); + } newAjaxOptions = $.extend( {}, ajaxOptions, { url: url } ); } else { newAjaxOptions = ajaxOptions; @@ -116,4 +126,4 @@ // Expose mw.ForeignApi = CoreForeignApi; -}( mediaWiki, jQuery ) ); +}() );
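Review bot: The new guard `if ( origin !== undefined )` covers only the value getOrigin() now returns for a same-origin API, yet getOrigin() is `@protected` and therefore open to overriding; a subclass returning `null` would still reach `encodeURIComponent( origin )` and put the literal `origin=null` into the URL. `if ( origin !== undefined && origin !== null ) {` closes that, and a short comment such as `// undefined: same-origin API, no origin parameter needed` would record why the branch exists. The enclosing function starts and ends outside the hunk, so whether the undefined default is also dropped from the request parameters handled there cannot be confirmed from these lines.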