Bug 1141440 - OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers

author: David Lawrence <dkl@mozilla.com> 2015-03-11 15:26:14 +0100
committer: David Lawrence <dkl@mozilla.com> 2015-03-11 15:52:24 +0100
commit: 7c6230d6f8a9bd3311252c2c66cbb81b1053f5e2 (patch)
tree: b043e0dcbaf0595ccb143d8bb3bdcebcdd2dbaec /Bugzilla/WebService/Server
parent: d1a2eb853f7ae3af4f4985ddd25b4f32add7db70 (diff)
download: bugzilla-7c6230d6f8a9bd3311252c2c66cbb81b1053f5e2.tar.gz
bugzilla-7c6230d6f8a9bd3311252c2c66cbb81b1053f5e2.tar.xz
1 files changed, 2 insertions, 10 deletions
diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm
index 9ee340ccb..0013903ef 100644
--- a/Bugzilla/WebService/Server/REST.pm
+++ b/Bugzilla/WebService/Server/REST.pm
@@ -141,16 +141,8 @@ sub response {
         { rpc => $self, result => \$result, response => $response });
 
     # Access Control
-    my @allowed_headers = qw(
-        accept
-        content-type
-        origin
-        x-bugzilla-api-key
-        x-bugzilla-login
-        x-bugzilla-password
-        x-bugzilla-token
-        x-requested-with
-    );
+    my @allowed_headers = (qw(accept content-type origin x-requested-with),
+        map { tr/A-Z_/a-z\-/r } keys API_AUTH_HEADERS());
     $response->header("Access-Control-Allow-Origin", "*");
     $response->header("Access-Control-Allow-Headers", join(', ', @allowed_headers));
author	David Lawrence <dkl@mozilla.com>	2015-03-11 15:26:14 +0100
committer	David Lawrence <dkl@mozilla.com>	2015-03-11 15:52:24 +0100
commit	7c6230d6f8a9bd3311252c2c66cbb81b1053f5e2 (patch)
tree	b043e0dcbaf0595ccb143d8bb3bdcebcdd2dbaec /Bugzilla/WebService/Server
parent	d1a2eb853f7ae3af4f4985ddd25b4f32add7db70 (diff)
download	bugzilla-7c6230d6f8a9bd3311252c2c66cbb81b1053f5e2.tar.gz bugzilla-7c6230d6f8a9bd3311252c2c66cbb81b1053f5e2.tar.xz