diff options
author | Dave Lawrence <dlawrence@mozilla.com> | 2013-07-15 05:47:22 +0200 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2013-07-15 05:47:22 +0200 |
commit | 225d5430bc810f005c993d9f5234ffc47c4429c2 (patch) | |
tree | e64489c6e448cc705479bdf3e2b9acac4ce3cb2c /Bugzilla/WebService/Server | |
parent | 6e53f77df7e055797ef587f349e3c35fdd82718c (diff) | |
download | bugzilla-225d5430bc810f005c993d9f5234ffc47c4429c2.tar.gz bugzilla-225d5430bc810f005c993d9f5234ffc47c4429c2.tar.xz |
Bug 787328 - xmlrpc.cgi doesn't send any security-related headers
r=glob,a=justdave
Diffstat (limited to 'Bugzilla/WebService/Server')
-rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 025fb8f19..fc297421a 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -61,8 +61,16 @@ sub make_response { # XMLRPC::Transport::HTTP::CGI doesn't know about Bugzilla carrying around # its cookies in Bugzilla::CGI, so we need to copy them over. - foreach (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) { - $self->response->headers->push_header('Set-Cookie', $_); + foreach my $cookie (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) { + $self->response->headers->push_header('Set-Cookie', $cookie); + } + + # Copy across security related headers from Bugzilla::CGI + foreach my $header (split(/[\r\n]+/, Bugzilla->cgi->header)) { + my ($name, $value) = $header =~ /^([^:]+): (.*)/; + if (!$self->response->headers->header($name)) { + $self->response->headers->header($name => $value); + } } } |