diff options
author | David Lawrence <dkl@mozilla.com> | 2015-03-11 15:26:14 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-03-11 15:26:14 +0100 |
commit | c3b984aa204bdb318b05302ab50702b789c305b0 (patch) | |
tree | f33eb6bbfa25bf771848e22b026733f8b2d0d67b /Bugzilla/WebService/Server | |
parent | 74fb163c93ccb10475f507b4b1fe7f4817990a10 (diff) | |
download | bugzilla-c3b984aa204bdb318b05302ab50702b789c305b0.tar.gz bugzilla-c3b984aa204bdb318b05302ab50702b789c305b0.tar.xz |
Bug 1141440: OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers
r=glob,a=glob
Diffstat (limited to 'Bugzilla/WebService/Server')
-rw-r--r-- | Bugzilla/WebService/Server/REST.pm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm index d02ba5523..9c9141c09 100644 --- a/Bugzilla/WebService/Server/REST.pm +++ b/Bugzilla/WebService/Server/REST.pm @@ -134,8 +134,10 @@ sub response { { rpc => $self, result => \$result, response => $response }); # Access Control + my @allowed_headers = (qw(accept content-type origin x-requested-with), + map { tr/A-Z_/a-z\-/r } keys API_AUTH_HEADERS()); $response->header("Access-Control-Allow-Origin", "*"); - $response->header("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with"); + $response->header("Access-Control-Allow-Headers", join(', ', @allowed_headers)); # ETag support my $etag = $self->bz_etag; |