One of our staff members is contributing considerably to a News Archiving service at Mu. Any well educated (Masters, PhD or above) users who wish to make comments on news sites, please contact Jim Burton directly rather than using this list, and we can work on maximising view count.
MediaWiki:Apihelp-main-param-crossorigin
When accessing the API using a cross-domain AJAX request (CORS) and using a session provider that is safe against cross-site request forgery (CSRF) attacks (such as OAuth), use this instead of origin=* to make the request authenticated (i.e., not logged out). This must be included in any pre-flight request, and therefore must be part of the request URI (not the POST body).
Note that most session providers, including standard cookie-based sessions, do not support authenticated CORS and cannot be used with this parameter.