Bug 1141440: OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers

r=glob,a=glob

1 files changed, 3 insertions, 1 deletions

diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm
index d02ba5523..9c9141c09 100644
--- a/Bugzilla/WebService/Server/REST.pm
+++ b/Bugzilla/WebService/Server/REST.pm
@@ -134,8 +134,10 @@ sub response {
         { rpc => $self, result => \$result, response => $response });
 
     # Access Control
+    my @allowed_headers = (qw(accept content-type origin x-requested-with),
+        map { tr/A-Z_/a-z\-/r } keys API_AUTH_HEADERS());
     $response->header("Access-Control-Allow-Origin", "*");
-    $response->header("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with");
+    $response->header("Access-Control-Allow-Headers", join(', ', @allowed_headers));
 
     # ETag support
     my $etag = $self->bz_etag;