Bug 1141440: OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers

author: David Lawrence <dkl@mozilla.com> 2015-03-10 15:42:51 +0100
committer: David Lawrence <dkl@mozilla.com> 2015-03-10 15:42:51 +0100
commit: 394c986139de2d75016c465b1280353acae9e615 (patch)
tree: 5ebe7deb3a1d71e25b1c651adfa51a9bc0483d17 /Bugzilla/WebService
parent: e3194040ce6433ee38775e9a0e2cd1af37b41886 (diff)
download: bugzilla-394c986139de2d75016c465b1280353acae9e615.tar.gz
bugzilla-394c986139de2d75016c465b1280353acae9e615.tar.xz
1 files changed, 11 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm
index 72d94acf6..9ee340ccb 100644
--- a/Bugzilla/WebService/Server/REST.pm
+++ b/Bugzilla/WebService/Server/REST.pm
@@ -141,8 +141,18 @@ sub response {
         { rpc => $self, result => \$result, response => $response });
 
     # Access Control
+    my @allowed_headers = qw(
+        accept
+        content-type
+        origin
+        x-bugzilla-api-key
+        x-bugzilla-login
+        x-bugzilla-password
+        x-bugzilla-token
+        x-requested-with
+    );
     $response->header("Access-Control-Allow-Origin", "*");
-    $response->header("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with");
+    $response->header("Access-Control-Allow-Headers", join(', ', @allowed_headers));
 
     # ETag support
     my $etag = $self->bz_etag;
author	David Lawrence <dkl@mozilla.com>	2015-03-10 15:42:51 +0100
committer	David Lawrence <dkl@mozilla.com>	2015-03-10 15:42:51 +0100
commit	394c986139de2d75016c465b1280353acae9e615 (patch)
tree	5ebe7deb3a1d71e25b1c651adfa51a9bc0483d17 /Bugzilla/WebService
parent	e3194040ce6433ee38775e9a0e2cd1af37b41886 (diff)
download	bugzilla-394c986139de2d75016c465b1280353acae9e615.tar.gz bugzilla-394c986139de2d75016c465b1280353acae9e615.tar.xz