summaryrefslogtreecommitdiffstats
path: root/Bugzilla/WebService/Server
diff options
context:
space:
mode:
authorDavid Lawrence <dkl@mozilla.com>2015-03-11 15:26:14 +0100
committerDavid Lawrence <dkl@mozilla.com>2015-03-11 15:52:24 +0100
commit7c6230d6f8a9bd3311252c2c66cbb81b1053f5e2 (patch)
treeb043e0dcbaf0595ccb143d8bb3bdcebcdd2dbaec /Bugzilla/WebService/Server
parentd1a2eb853f7ae3af4f4985ddd25b4f32add7db70 (diff)
downloadbugzilla-7c6230d6f8a9bd3311252c2c66cbb81b1053f5e2.tar.gz
bugzilla-7c6230d6f8a9bd3311252c2c66cbb81b1053f5e2.tar.xz
Bug 1141440 - OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers
Diffstat (limited to 'Bugzilla/WebService/Server')
-rw-r--r--Bugzilla/WebService/Server/REST.pm12
1 files changed, 2 insertions, 10 deletions
diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm
index 9ee340ccb..0013903ef 100644
--- a/Bugzilla/WebService/Server/REST.pm
+++ b/Bugzilla/WebService/Server/REST.pm
@@ -141,16 +141,8 @@ sub response {
{ rpc => $self, result => \$result, response => $response });
# Access Control
- my @allowed_headers = qw(
- accept
- content-type
- origin
- x-bugzilla-api-key
- x-bugzilla-login
- x-bugzilla-password
- x-bugzilla-token
- x-requested-with
- );
+ my @allowed_headers = (qw(accept content-type origin x-requested-with),
+ map { tr/A-Z_/a-z\-/r } keys API_AUTH_HEADERS());
$response->header("Access-Control-Allow-Origin", "*");
$response->header("Access-Control-Allow-Headers", join(', ', @allowed_headers));