From 7c6230d6f8a9bd3311252c2c66cbb81b1053f5e2 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Wed, 11 Mar 2015 14:26:14 +0000
Subject: Bug 1141440 - OPTION response for CORS requests to REST doesn't allow
 X-Bugzilla headers

---
 Bugzilla/WebService/Constants.pm | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'Bugzilla/WebService/Constants.pm')

diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index 34981c565..4678d468d 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -40,6 +40,8 @@ our @EXPORT = qw(
     REST_CONTENT_TYPE_WHITELIST
 
     WS_DISPATCH
+
+    API_AUTH_HEADERS
 );
 
 # This maps the error names in global/*-error.html.tmpl to numbers.
@@ -295,4 +297,14 @@ sub WS_DISPATCH {
     return $dispatch;
 };
 
+# Custom HTTP headers that can be used for API authentication rather than
+# passing as URL parameters. This is useful if you do not want sensitive
+# information to show up in webserver log files.
+use constant API_AUTH_HEADERS => {
+    X_BUGZILLA_LOGIN    => 'Bugzilla_login',
+    X_BUGZILLA_PASSWORD => 'Bugzilla_password',
+    X_BUGZILLA_API_KEY  => 'Bugzilla_api_key',
+    X_BUGZILLA_TOKEN    => 'Bugzilla_token',
+};
+
 1;
-- 
cgit v1.2.3-24-g4f1b