Bug 1141440: OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers

r=glob,a=glob
author: David Lawrence <dkl@mozilla.com> 2015-03-11 15:26:14 +0100
committer: David Lawrence <dkl@mozilla.com> 2015-03-11 15:26:14 +0100
commit: c3b984aa204bdb318b05302ab50702b789c305b0 (patch)
tree: f33eb6bbfa25bf771848e22b026733f8b2d0d67b /Bugzilla/WebService/Constants.pm
parent: 74fb163c93ccb10475f507b4b1fe7f4817990a10 (diff)
download: bugzilla-c3b984aa204bdb318b05302ab50702b789c305b0.tar.gz
bugzilla-c3b984aa204bdb318b05302ab50702b789c305b0.tar.xz
1 files changed, 12 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index cf2666551..42aa600ee 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -33,6 +33,8 @@ our @EXPORT = qw(
     REST_CONTENT_TYPE_WHITELIST
 
     WS_DISPATCH
+
+    API_AUTH_HEADERS
 );
 
 # This maps the error names in global/*-error.html.tmpl to numbers.
@@ -313,6 +315,16 @@ sub WS_DISPATCH {
     return $dispatch;
 };
 
+# Custom HTTP headers that can be used for API authentication rather than
+# passing as URL parameters. This is useful if you do not want sensitive
+# information to show up in webserver log files.
+use constant API_AUTH_HEADERS => {
+    X_BUGZILLA_LOGIN    => 'Bugzilla_login',
+    X_BUGZILLA_PASSWORD => 'Bugzilla_password',
+    X_BUGZILLA_API_KEY  => 'Bugzilla_api_key',
+    X_BUGZILLA_TOKEN    => 'Bugzilla_token',
+};
+
 1;
 
 =head1 B<Methods in need of POD>
author	David Lawrence <dkl@mozilla.com>	2015-03-11 15:26:14 +0100
committer	David Lawrence <dkl@mozilla.com>	2015-03-11 15:26:14 +0100
commit	c3b984aa204bdb318b05302ab50702b789c305b0 (patch)
tree	f33eb6bbfa25bf771848e22b026733f8b2d0d67b /Bugzilla/WebService/Constants.pm
parent	74fb163c93ccb10475f507b4b1fe7f4817990a10 (diff)
download	bugzilla-c3b984aa204bdb318b05302ab50702b789c305b0.tar.gz bugzilla-c3b984aa204bdb318b05302ab50702b789c305b0.tar.xz