diff options
author | Dave Lawrence <dlawrence@mozilla.com> | 2013-07-15 05:43:57 +0200 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2013-07-15 05:43:57 +0200 |
commit | 81da577697a86446d8f8ff8b097760a3b197095c (patch) | |
tree | 529a6809eea4bee758f40bb855388e913f9e2fbc /Bugzilla/WebService/Server | |
parent | 384d1d254d14bafc3fdf62a08668c6cb36249563 (diff) | |
download | bugzilla-81da577697a86446d8f8ff8b097760a3b197095c.tar.gz bugzilla-81da577697a86446d8f8ff8b097760a3b197095c.tar.xz |
Bug 787328 - xmlrpc.cgi doesn't send any security-related headers
r=glob,a=justdave
Diffstat (limited to 'Bugzilla/WebService/Server')
-rw-r--r-- | Bugzilla/WebService/Server/XMLRPC.pm | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index b4af1ab94..eab718efc 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -57,8 +57,16 @@ sub make_response { # XMLRPC::Transport::HTTP::CGI doesn't know about Bugzilla carrying around # its cookies in Bugzilla::CGI, so we need to copy them over. - foreach (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) { - $self->response->headers->push_header('Set-Cookie', $_); + foreach my $cookie (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) { + $self->response->headers->push_header('Set-Cookie', $cookie); + } + + # Copy across security related headers from Bugzilla::CGI + foreach my $header (split(/[\r\n]+/, Bugzilla->cgi->header)) { + my ($name, $value) = $header =~ /^([^:]+): (.*)/; + if (!$self->response->headers->header($name)) { + $self->response->headers->header($name => $value); + } } } |