Bug 1141440: OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers

- Fixed t/001compile.t error due to tr///r only for 5.14+

1 files changed, 7 insertions, 2 deletions

diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm
index 0013903ef..44e85835e 100644
--- a/Bugzilla/WebService/Server/REST.pm
+++ b/Bugzilla/WebService/Server/REST.pm
@@ -141,8 +141,13 @@ sub response {
         { rpc => $self, result => \$result, response => $response });
 
     # Access Control
-    my @allowed_headers = (qw(accept content-type origin x-requested-with),
-        map { tr/A-Z_/a-z\-/r } keys API_AUTH_HEADERS());
+    my @allowed_headers = qw(accept content-type origin x-requested-with);
+    foreach my $header (keys API_AUTH_HEADERS()) {
+        # We want to lowercase and replace _ with -
+        my $translated_header = $header;
+        $translated_header =~ tr/A-Z_/a-z\-/;
+        push(@allowed_headers, $translated_header);
+    }
     $response->header("Access-Control-Allow-Origin", "*");
     $response->header("Access-Control-Allow-Headers", join(', ', @allowed_headers));