From 81da577697a86446d8f8ff8b097760a3b197095c Mon Sep 17 00:00:00 2001
From: Dave Lawrence <dlawrence@mozilla.com>
Date: Sun, 14 Jul 2013 23:43:57 -0400
Subject: Bug 787328 - xmlrpc.cgi doesn't send any security-related headers
 r=glob,a=justdave

---
 Bugzilla/WebService/Server/XMLRPC.pm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'Bugzilla/WebService')

diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm
index b4af1ab94..eab718efc 100644
--- a/Bugzilla/WebService/Server/XMLRPC.pm
+++ b/Bugzilla/WebService/Server/XMLRPC.pm
@@ -57,8 +57,16 @@ sub make_response {
 
     # XMLRPC::Transport::HTTP::CGI doesn't know about Bugzilla carrying around
     # its cookies in Bugzilla::CGI, so we need to copy them over.
-    foreach (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) {
-        $self->response->headers->push_header('Set-Cookie', $_);
+    foreach my $cookie (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) {
+        $self->response->headers->push_header('Set-Cookie', $cookie);
+    }
+
+    # Copy across security related headers from Bugzilla::CGI
+    foreach my $header (split(/[\r\n]+/, Bugzilla->cgi->header)) {
+        my ($name, $value) = $header =~ /^([^:]+): (.*)/;
+        if (!$self->response->headers->header($name)) {
+           $self->response->headers->header($name => $value);
+        }
     }
 }
 
-- 
cgit v1.2.3-24-g4f1b