Bug 787328 - xmlrpc.cgi doesn't send any security-related headers

r=glob,a=justdave
author: Dave Lawrence <dlawrence@mozilla.com> 2013-07-15 05:47:22 +0200
committer: Dave Lawrence <dlawrence@mozilla.com> 2013-07-15 05:47:22 +0200
commit: 225d5430bc810f005c993d9f5234ffc47c4429c2 (patch)
tree: e64489c6e448cc705479bdf3e2b9acac4ce3cb2c /Bugzilla
parent: 6e53f77df7e055797ef587f349e3c35fdd82718c (diff)
download: bugzilla-225d5430bc810f005c993d9f5234ffc47c4429c2.tar.gz
bugzilla-225d5430bc810f005c993d9f5234ffc47c4429c2.tar.xz
1 files changed, 10 insertions, 2 deletions
diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index 025fb8f19..fc297421a 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -61,8 +61,16 @@ sub make_response {
 
     # XMLRPC::Transport::HTTP::CGI doesn't know about Bugzilla carrying around
     # its cookies in Bugzilla::CGI, so we need to copy them over.
-    foreach (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) {
-        $self->response->headers->push_header('Set-Cookie', $_);
+    foreach my $cookie (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) {
+        $self->response->headers->push_header('Set-Cookie', $cookie);
+    }
+
+    # Copy across security related headers from Bugzilla::CGI
+    foreach my $header (split(/[\r\n]+/, Bugzilla->cgi->header)) {
+        my ($name, $value) = $header =~ /^([^:]+): (.*)/;
+        if (!$self->response->headers->header($name)) {
+           $self->response->headers->header($name => $value);
+        }
     }
 }
author	Dave Lawrence <dlawrence@mozilla.com>	2013-07-15 05:47:22 +0200
committer	Dave Lawrence <dlawrence@mozilla.com>	2013-07-15 05:47:22 +0200
commit	225d5430bc810f005c993d9f5234ffc47c4429c2 (patch)
tree	e64489c6e448cc705479bdf3e2b9acac4ce3cb2c /Bugzilla
parent	6e53f77df7e055797ef587f349e3c35fdd82718c (diff)
download	bugzilla-225d5430bc810f005c993d9f5234ffc47c4429c2.tar.gz bugzilla-225d5430bc810f005c993d9f5234ffc47c4429c2.tar.xz