From 394c986139de2d75016c465b1280353acae9e615 Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Tue, 10 Mar 2015 14:42:51 +0000 Subject: Bug 1141440: OPTION response for CORS requests to REST doesn't allow X-Bugzilla headers --- Bugzilla/WebService/Server/REST.pm | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'Bugzilla/WebService') diff --git a/Bugzilla/WebService/Server/REST.pm b/Bugzilla/WebService/Server/REST.pm index 72d94acf6..9ee340ccb 100644 --- a/Bugzilla/WebService/Server/REST.pm +++ b/Bugzilla/WebService/Server/REST.pm @@ -141,8 +141,18 @@ sub response { { rpc => $self, result => \$result, response => $response }); # Access Control + my @allowed_headers = qw( + accept + content-type + origin + x-bugzilla-api-key + x-bugzilla-login + x-bugzilla-password + x-bugzilla-token + x-requested-with + ); $response->header("Access-Control-Allow-Origin", "*"); - $response->header("Access-Control-Allow-Headers", "origin, content-type, accept, x-requested-with"); + $response->header("Access-Control-Allow-Headers", join(', ', @allowed_headers)); # ETag support my $etag = $self->bz_etag; -- cgit v1.2.3-24-g4f1b