From dfb07dbae045d3a04c051459021fa5f1add3dad4 Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Mon, 1 Dec 2014 09:42:36 -0500
Subject: [PATCH] API: Add Access-Control-Allow-Headers in CORS preflight
 response

Otherwise a CORS request won't be able to properly make use of the new
header.

Bug: T76340
Change-Id: I1dbccdf928b85a4b194174d38f505787dd18f745
---
 includes/api/ApiMain.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 004bfae94c..7600066a23 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -526,6 +526,7 @@ class ApiMain extends ApiBase {
 		if ( $matchOrigin ) {
 			$response->header( "Access-Control-Allow-Origin: $originParam" );
 			$response->header( 'Access-Control-Allow-Credentials: true' );
+			$response->header( 'Access-Control-Allow-Headers: Api-User-Agent' );
 			$this->getOutput()->addVaryHeader( 'Origin' );
 		}
 
-- 
2.20.1