From 225d5430bc810f005c993d9f5234ffc47c4429c2 Mon Sep 17 00:00:00 2001 From: Dave Lawrence Date: Sun, 14 Jul 2013 23:47:22 -0400 Subject: Bug 787328 - xmlrpc.cgi doesn't send any security-related headers r=glob,a=justdave --- Bugzilla/WebService/Server/XMLRPC.pm | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'Bugzilla') diff --git a/Bugzilla/WebService/Server/XMLRPC.pm b/Bugzilla/WebService/Server/XMLRPC.pm index 025fb8f19..fc297421a 100644 --- a/Bugzilla/WebService/Server/XMLRPC.pm +++ b/Bugzilla/WebService/Server/XMLRPC.pm @@ -61,8 +61,16 @@ sub make_response { # XMLRPC::Transport::HTTP::CGI doesn't know about Bugzilla carrying around # its cookies in Bugzilla::CGI, so we need to copy them over. - foreach (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) { - $self->response->headers->push_header('Set-Cookie', $_); + foreach my $cookie (@{Bugzilla->cgi->{'Bugzilla_cookie_list'}}) { + $self->response->headers->push_header('Set-Cookie', $cookie); + } + + # Copy across security related headers from Bugzilla::CGI + foreach my $header (split(/[\r\n]+/, Bugzilla->cgi->header)) { + my ($name, $value) = $header =~ /^([^:]+): (.*)/; + if (!$self->response->headers->header($name)) { + $self->response->headers->header($name => $value); + } } } -- cgit v1.2.3-24-g4f1b