summaryrefslogtreecommitdiffstats
path: root/Bugzilla/WebService/Server
diff options
context:
space:
mode:
authorDave Lawrence <dlawrence@mozilla.com>2013-07-15 05:43:57 +0200
committerDave Lawrence <dlawrence@mozilla.com>2013-07-15 05:43:57 +0200
commit81da577697a86446d8f8ff8b097760a3b197095c (patch)
tree529a6809eea4bee758f40bb855388e913f9e2fbc /Bugzilla/WebService/Server
parent384d1d254d14bafc3fdf62a08668c6cb36249563 (diff)
downloadbugzilla-81da577697a86446d8f8ff8b097760a3b197095c.tar.gz
bugzilla-81da577697a86446d8f8ff8b097760a3b197095c.tar.xz
Bug 787328 - xmlrpc.cgi doesn't send any security-related headers
r=glob,a=justdave
Diffstat (limited to 'Bugzilla/WebService/Server')
-rw-r--r--Bugzilla/WebService/Server/XMLRPC.pm12
1 files changed, 10 insertions, 2 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index b4af1ab94..eab718efc 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -57,8 +57,16 @@ sub make_response {
# XMLRPC::Transport::HTTP::CGI doesn't know about Bugzilla carrying around
# its cookies in Bugzilla::CGI, so we need to copy them over.
- foreach (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) {
- $self->response->headers->push_header('Set-Cookie', $_);
+ foreach my $cookie (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) {
+ $self->response->headers->push_header('Set-Cookie', $cookie);
+ }
+
+ # Copy across security related headers from Bugzilla::CGI
+ foreach my $header (split(/[\r\n]+/, Bugzilla->cgi->header)) {
+ my ($name, $value) = $header =~ /^([^:]+): (.*)/;
+ if (!$self->response->headers->header($name)) {
+ $self->response->headers->header($name => $value);
+ }
}
}