From c3b984aa204bdb318b05302ab50702b789c305b0 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Wed, 11 Mar 2015 14:26:14 +0000
Subject: Bug 1141440: OPTION response for CORS requests to REST doesn't allow
 X-Bugzilla headers r=glob,a=glob

---
 Bugzilla/WebService/Server/REST.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'Bugzilla/WebService/Server')

diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm
index d02ba5523..9c9141c09 100644
--- a/Bugzilla/WebService/Server/REST.pm
+++ b/Bugzilla/WebService/Server/REST.pm
@@ -134,8 +134,10 @@ sub response {
         { rpc => $self, result => \$result, response => $response });
 
     # Access Control
+    my @allowed_headers = (qw(accept content-type origin x-requested-with),
+        map { tr/A-Z_/a-z\-/r } keys API_AUTH_HEADERS());
     $response->header("Access-Control-Allow-Origin", "*");
-    $response->header("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with");
+    $response->header("Access-Control-Allow-Headers", join(', ', @allowed_headers));
 
     # ETag support
     my $etag = $self->bz_etag;
-- 
cgit v1.2.3-24-g4f1b