From c3b984aa204bdb318b05302ab50702b789c305b0 Mon Sep 17 00:00:00 2001
From: David Lawrence <dkl@mozilla.com>
Date: Wed, 11 Mar 2015 14:26:14 +0000
Subject: Bug 1141440: OPTION response for CORS requests to REST doesn't allow
 X-Bugzilla headers r=glob,a=glob

---
 Bugzilla/WebService/Util.pm | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

(limited to 'Bugzilla/WebService/Util.pm')

diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index 4eae66bd3..cbbc47921 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -14,6 +14,7 @@ use warnings;
 use Bugzilla::Flag;
 use Bugzilla::FlagType;
 use Bugzilla::Error;
+use Bugzilla::WebService::Constants;
 
 use Storable qw(dclone);
 use URI::Escape qw(uri_unescape);
@@ -261,22 +262,15 @@ sub params_to_objects {
     return \@objects;
 }
 
-use constant X_HEADERS => {
-    X_BUGZILLA_LOGIN    => 'Bugzilla_login',
-    X_BUGZILLA_PASSWORD => 'Bugzilla_password',
-    X_BUGZILLA_API_KEY  => 'Bugzilla_api_key',
-    X_BUGZILLA_TOKEN    => 'Bugzilla_token',
-};
-
 sub fix_credentials {
     my ($params, $cgi) = @_;
 
     # Allow user to pass in authentication details in X-Headers
     # This allows callers to keep credentials out of GET request query-strings
     if ($cgi) {
-        foreach my $field (keys %{ X_HEADERS() }) {
-            next if exists $params->{X_HEADERS->{$field}} || $cgi->http($field) // '' eq '';
-            $params->{X_HEADERS->{$field}} = uri_unescape($cgi->http($field));
+        foreach my $field (keys %{ API_AUTH_HEADERS() }) {
+            next if exists $params->{API_AUTH_HEADERS->{$field}} || ($cgi->http($field) // '') eq '';
+            $params->{API_AUTH_HEADERS->{$field}} = uri_unescape($cgi->http($field));
         }
     }
 
-- 
cgit v1.2.3-24-g4f1b