diff options
author | David Lawrence <dkl@mozilla.com> | 2015-03-10 15:42:51 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-03-10 15:42:51 +0100 |
commit | 394c986139de2d75016c465b1280353acae9e615 (patch) | |
tree | 5ebe7deb3a1d71e25b1c651adfa51a9bc0483d17 /Bugzilla | |
parent | e3194040ce6433ee38775e9a0e2cd1af37b41886 (diff) | |
download | bugzilla-394c986139de2d75016c465b1280353acae9e615.tar.gz bugzilla-394c986139de2d75016c465b1280353acae9e615.tar.xz |
Bug 1141440: OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/WebService/Server/REST.pm | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm index 72d94acf6..9ee340ccb 100644 --- a/Bugzilla/WebService/Server/REST.pm +++ b/Bugzilla/WebService/Server/REST.pm @@ -141,8 +141,18 @@ sub response { { rpc => $self, result => \$result, response => $response }); # Access Control + my @allowed_headers = qw( + accept + content-type + origin + x-bugzilla-api-key + x-bugzilla-login + x-bugzilla-password + x-bugzilla-token + x-requested-with + ); $response->header("Access-Control-Allow-Origin", "*"); - $response->header("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with"); + $response->header("Access-Control-Allow-Headers", join(', ', @allowed_headers)); # ETag support my $etag = $self->bz_etag; |