diff options
| author | David Lawrence <dkl@mozilla.com> | 2015-03-10 15:42:51 +0100 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2015-03-10 15:42:51 +0100 |
| commit | 394c986139de2d75016c465b1280353acae9e615 (patch) | |
| tree | 5ebe7deb3a1d71e25b1c651adfa51a9bc0483d17 | |
| parent | e3194040ce6433ee38775e9a0e2cd1af37b41886 (diff) | |
| download | bugzilla-394c986139de2d75016c465b1280353acae9e615.tar.gz bugzilla-394c986139de2d75016c465b1280353acae9e615.tar.xz | |
Bug 1141440: OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers
| -rw-r--r-- | Bugzilla/WebService/Server/REST.pm | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm index 72d94acf6..9ee340ccb 100644 --- a/Bugzilla/WebService/Server/REST.pm +++ b/Bugzilla/WebService/Server/REST.pm @@ -141,8 +141,18 @@ sub response { { rpc => $self, result => \$result, response => $response }); # Access Control + my @allowed_headers = qw( + accept + content-type + origin + x-bugzilla-api-key + x-bugzilla-login + x-bugzilla-password + x-bugzilla-token + x-requested-with + ); $response->header("Access-Control-Allow-Origin", "*"); - $response->header("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with"); + $response->header("Access-Control-Allow-Headers", join(', ', @allowed_headers)); # ETag support my $etag = $self->bz_etag; |