diff options
| author | David Lawrence <dkl@mozilla.com> | 2015-03-11 15:26:14 +0100 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2015-03-11 15:26:14 +0100 |
| commit | c3b984aa204bdb318b05302ab50702b789c305b0 (patch) | |
| tree | f33eb6bbfa25bf771848e22b026733f8b2d0d67b /Bugzilla/WebService/Util.pm | |
| parent | 74fb163c93ccb10475f507b4b1fe7f4817990a10 (diff) | |
| download | bugzilla-c3b984aa204bdb318b05302ab50702b789c305b0.tar.gz bugzilla-c3b984aa204bdb318b05302ab50702b789c305b0.tar.xz | |
Bug 1141440: OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers
r=glob,a=glob
Diffstat (limited to 'Bugzilla/WebService/Util.pm')
| -rw-r--r-- | Bugzilla/WebService/Util.pm | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm index 4eae66bd3..cbbc47921 100644 --- a/Bugzilla/WebService/Util.pm +++ b/Bugzilla/WebService/Util.pm @@ -14,6 +14,7 @@ use warnings; use Bugzilla::Flag; use Bugzilla::FlagType; use Bugzilla::Error; +use Bugzilla::WebService::Constants; use Storable qw(dclone); use URI::Escape qw(uri_unescape); @@ -261,22 +262,15 @@ sub params_to_objects { return \@objects; } -use constant X_HEADERS => { - X_BUGZILLA_LOGIN => 'Bugzilla_login', - X_BUGZILLA_PASSWORD => 'Bugzilla_password', - X_BUGZILLA_API_KEY => 'Bugzilla_api_key', - X_BUGZILLA_TOKEN => 'Bugzilla_token', -}; - sub fix_credentials { my ($params, $cgi) = @_; # Allow user to pass in authentication details in X-Headers # This allows callers to keep credentials out of GET request query-strings if ($cgi) { - foreach my $field (keys %{ X_HEADERS() }) { - next if exists $params->{X_HEADERS->{$field}} || $cgi->http($field) // '' eq ''; - $params->{X_HEADERS->{$field}} = uri_unescape($cgi->http($field)); + foreach my $field (keys %{ API_AUTH_HEADERS() }) { + next if exists $params->{API_AUTH_HEADERS->{$field}} || ($cgi->http($field) // '') eq ''; + $params->{API_AUTH_HEADERS->{$field}} = uri_unescape($cgi->http($field)); } } |