From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Mon, 1 Dec 2014 14:42:36 +0000 (-0500)
Subject: API: Add Access-Control-Allow-Headers in CORS preflight response
X-Git-Tag: 1.31.0-rc.0~13115^2
X-Git-Url: http://git.cyclocoop.org/%22.htmlspecialchars%28%24url_syndic%29.%22?a=commitdiff_plain;h=dfb07dbae045d3a04c051459021fa5f1add3dad4;p=lhc%2Fweb%2Fwiklou.git

API: Add Access-Control-Allow-Headers in CORS preflight response

Otherwise a CORS request won't be able to properly make use of the new
header.

Bug: T76340
Change-Id: I1dbccdf928b85a4b194174d38f505787dd18f745
---

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 004bfae94c..7600066a23 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -526,6 +526,7 @@ class ApiMain extends ApiBase {
 		if ( $matchOrigin ) {
 			$response->header( "Access-Control-Allow-Origin: $originParam" );
 			$response->header( 'Access-Control-Allow-Credentials: true' );
+			$response->header( 'Access-Control-Allow-Headers: Api-User-Agent' );
 			$this->getOutput()->addVaryHeader( 'Origin' );
 		}