Otherwise a CORS request won't be able to properly make use of the new
header.
Bug: T76340
Change-Id: I1dbccdf928b85a4b194174d38f505787dd18f745
if ( $matchOrigin ) {
$response->header( "Access-Control-Allow-Origin: $originParam" );
$response->header( 'Access-Control-Allow-Credentials: true' );
if ( $matchOrigin ) {
$response->header( "Access-Control-Allow-Origin: $originParam" );
$response->header( 'Access-Control-Allow-Credentials: true' );
+ $response->header( 'Access-Control-Allow-Headers: Api-User-Agent' );
$this->getOutput()->addVaryHeader( 'Origin' );
}
$this->getOutput()->addVaryHeader( 'Origin' );
}