summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Lawrence <dkl@mozilla.com>2015-03-10 15:42:51 +0100
committerDavid Lawrence <dkl@mozilla.com>2015-03-10 15:42:51 +0100
commit394c986139de2d75016c465b1280353acae9e615 (patch)
tree5ebe7deb3a1d71e25b1c651adfa51a9bc0483d17
parente3194040ce6433ee38775e9a0e2cd1af37b41886 (diff)
downloadbugzilla-394c986139de2d75016c465b1280353acae9e615.tar.gz
bugzilla-394c986139de2d75016c465b1280353acae9e615.tar.xz
Bug 1141440: OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers
-rw-r--r--Bugzilla/WebService/Server/REST.pm12
1 files changed, 11 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm
index 72d94acf6..9ee340ccb 100644
--- a/Bugzilla/WebService/Server/REST.pm
+++ b/Bugzilla/WebService/Server/REST.pm
@@ -141,8 +141,18 @@ sub response {
{ rpc => $self, result => \$result, response => $response });
# Access Control
+ my @allowed_headers = qw(
+ accept
+ content-type
+ origin
+ x-bugzilla-api-key
+ x-bugzilla-login
+ x-bugzilla-password
+ x-bugzilla-token
+ x-requested-with
+ );
$response->header("Access-Control-Allow-Origin", "*");
- $response->header("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with");
+ $response->header("Access-Control-Allow-Headers", join(', ', @allowed_headers));
# ETag support
my $etag = $self->bz_etag;