API: Log non-whitelisted CORS requests with session cookies
commit43b2693a3359a190a32a69934ef72305ae9f8849
authorBrad Jorsch <bjorsch@wikimedia.org>
Tue, 14 Jun 2016 16:15:40 +0000 (14 12:15 -0400)
committerBrad Jorsch <bjorsch@wikimedia.org>
Tue, 14 Jun 2016 16:20:17 +0000 (14 12:20 -0400)
treee0657f38e778661669ead57903be9b83730ff5be
parentac670cf94b1714ae0bbd64055e39d0dad75bfe98
API: Log non-whitelisted CORS requests with session cookies

As requested in T62835#1794915, this logs requests that have an Origin
header that isn't whitelisted and have "session" cookies (defined as
"cookies that SessionManager says to vary on").

Change-Id: I3e34ff1e3a0a3f63c709ee95aa5cf8309fbc4367
includes/api/ApiMain.php